Paddy Power data breach results in loss of 649,000 customer details

The data includes names, addresses, dates of birth, and security question answers

Series of locks on binary code with one unlocked

The details of 649,000 customers have been stolen from online bookmakers Paddy Power, including names, addresses, dates of birth, and security question answers.

The data breach happened in 2010, but was revealed yesterday (Thursday 31 July), when the company emailed customers to inform them. Only customers who signed up to Paddy Power before 2010 are affected.

Paddy Power was approached by a third party in May who said its data was in the possession of someone in Canada, so it advised the Irish police force An Garda Sochna to investigate the incident.

The police force worked with Canadian authorities to seize the person in question's computer and then Paddy Power verified it was indeed the bookmaker's data.

The company said only personal information was stolen, not financial details, that could give hackers access to bank accounts.

Peter O'Donovan, managing director of Paddy Power's online division, said: "We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result.

"We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data.

"That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."

The Belfast Telegraph, said it believed Paddy Power was aware of malicious activity occurring in 2010 and then responded by completing a security audit of its systems. Customers were not informed of this malicious activity at the time.

The case has now been referred to the Information Commissioner's Office (ICO) for an investigation.

Last week, online travel firm Think W3 was fined 150,000 for failing to keep its customer details safe, after hackers stole the details of more than 1.5 million customers' credit cards.

The ICO said the company failed to sufficiently secure its data against the threat of hackers.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Europol ordered to delete huge cache of unlawfully stored data
data protection

Europol ordered to delete huge cache of unlawfully stored data

11 Jan 2022
Grindr given €6.5 million GDPR fine for selling special category user data without consent
General Data Protection Regulation (GDPR)

Grindr given €6.5 million GDPR fine for selling special category user data without consent

15 Dec 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Cellebrite launches industry-first remote data collection solution
data management

Cellebrite launches industry-first remote data collection solution

29 Sep 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022