The Irish bookmaker is contacting certain clients in relation to what it deems “an historical data breach”. However, the group said no financial information or passwords were compromised in the incident and customers’ accounts are not at risk as a result. The full extent of the 2010 hacking episode became known to the company in recent months when it took legal action in Canada with the assistance of the Ontario Provincial Police to retrieve the compromised dataset from an individual.
Following a verification process on a sample of the data, the sportsbook operator sought and received two court orders to seize the individual’s IT assets, recover the records and delete them, examine his bank accounts and financial transactions and question him. The court orders were secured and executed in Canada during the week of July 7th.
“Paddy Power takes its responsibilities regarding customer data extremely seriously and it is deeply regrettable that this breach happened. Paddy Power has engaged with the Office of the Data Protection Commissioner on this issue and kept them updated on the action taken by the Company,” a statement on the investor relations website reads.
What is known is that the historical dataset contained individual customer’s names, usernames, addresses, email addresses, phone contact numbers, dates of birth and prompted questions and answers. Customers’ financial information such as credit or debit card details have not been exposed.
The accessed information alone would not have been sufficient to grant access to a Paddy Power customer account and this incident has no impact on customers who opened accounts after 2010.
Paddy Power said it is pro-actively contacting the affected customers and advising them to review other sites where they may have used the same details.
“We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result,” said Peter O’Donovan, MD Online. “We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach. We are communicating with all of the people whose details have been compromised to tell them what has happened.
“Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure.”