Paddy Power has openly admitted to being the victim of a large-scale online attack in which the cyber-thieves acquired almost 650,000 customers’ personal data.
The worst part? This happened four years ago, yet news of the incident was only passed to Paddy Power clients on Thursday. And yes, that means last Thursday, 31 July, 2014…
The people at Paddy Power claimed that no customer passwords or financial information had been compromised during the e-invasion, and that a ’full investigation’ did not surface any evidence of customers’ accounts being ’adversely impacted’.
Furthermore, the security breach only affects those players who had already opened an account up to 2010, so if you registered any time after that, this shouldn’t concern you.
The criminals’ haul included customer names, phone numbers, addresses (both physical and email), usernames, dates of birth, and security prompt questions and the corresponding answers.
The affected demographic was mostly in the UK (461,000) with the runner-up being Paddy Power’s homeland of Ireland (121,000) with international accounts (67,000) taking third place.
Critical advice has been provided accordingly to customers to have a look at their data on other sites - especially if they utlised the same user information on those sites.
The people at Paddy Power apparently knew about the breach back in 2010 and chose not to inform their clients after conducting a ’detailed investigation’.
Fast forward to May, 2014 when Paddy Power found out that a random Canadian had somehow gained possession of a historical customer database.
Paddy Power managed to obtain the individual’s computer and together with it the confidential information, on July 7, with the Ontario Provincial Police playing a major role in capturing the IT assets.
Paddy Power deleted the confidential files and took other precautionary measures to ensure nothing like it would happen again.
They also scanned the individual’s bank records to see if he had done anything illegal with the information he had access to.
Peter O’Donovan, online managing director at Paddy Power, said that the company has always taken its responsibilities to guard data ’extremely seriously’ and expressed extreme confidence in Paddy’s security systems and processes as of now.
Although this incident obviously brought a lot of bad press to Paddy Power’s door, investors seemingly did not make much of it as the company’s share price actually went up during Thursday’s trading.