The details of 649,000 customers have been stolen from online bookmakers Paddy Power, including names, addresses, dates of birth, and security question answers.
The data breach happened in 2010, but was revealed yesterday (Thursday 31 July), when the company emailed customers to inform them. Only customers who signed up to Paddy Power before 2010 are affected.
Paddy Power was approached by a third party in May who said its data was in the possession of someone in Canada, so it advised the Irish police force An Garda Sochna to investigate the incident.
The police force worked with Canadian authorities to seize the person in question's computer and then Paddy Power verified it was indeed the bookmaker's data.
The company said only personal information was stolen, not financial details, that could give hackers access to bank accounts.
Peter O'Donovan, managing director of Paddy Power's online division, said: "We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result.
"We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data.
"That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."
The Belfast Telegraph, said it believed Paddy Power was aware of malicious activity occurring in 2010 and then responded by completing a security audit of its systems. Customers were not informed of this malicious activity at the time.
The case has now been referred to the Information Commissioner's Office (ICO) for an investigation.
Last week, online travel firm Think W3 was fined 150,000 for failing to keep its customer details safe, after hackers stole the details of more than 1.5 million customers' credit cards.
The ICO said the company failed to sufficiently secure its data against the threat of hackers.
