2010 Security Breach Only Now Being Revealed By Paddy Power

Aug 01, 2014

Online bookie Paddy Power is making an embarrassed apology to 649,055 of its customers, whom it believes were affected by a data breach.

However, the firm has faced huge amounts of criticism over its failure to properly report the breach, which occurred four years ago, in 2010.

Paddy Power waited until Thursday this week to tell 649,055 customers that their names, email addresses, phone numbers and answers to security questions had been compromised in the breach.

Paddy Power said it had detected malicious activity at the time - but, after a detailed investigation, determined that no financial information or customer passwords had been put at risk.

"I am very disappointed that it has taken until now for Paddy Power to inform its customers," Ireland's junior minister with responsibility for data protection Dara Murphy said in a statement on Friday.

"It is best practice to inform the Data Protection Commissioner as soon as these breaches occur, and although these were not breaches of password or financial information, the code of practice should be followed at all times."

Peter O'Donovan, MD Online, Paddy Power, said "We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."

Despite the breach taking the best part of five years to discover and disclose, O'Donovan remains confident in the company's existing security systems.

"Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure."

Our advice to Paddy Power users: don't bet on your security. Check back for any suspicious activity on services where you've used the same password, and change the password just in case.

Author: Paul Cooper 

Published under license from ITProPortal.com