Accessibility/Mobile Features
Skip Navigation
Skip to Content
Editorial News
Business
Classified Sites

The Canadian Press - ONLINE EDITION

Irish betting company Paddy Power apologizes for 2010 data breach involving 649,055 customers

DUBLIN - Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details or log-in passwords.

Paddy Power defended its four-year delay in reporting the biggest security breach in the company's history by arguing that it didn't know most of the details until much more recently. Online security experts said the fast-growing betting firm should have alerted its customers much sooner.

The Dublin-based company said it had known since 2010 that someone tried to hack into its customers' online accounts and monitored for any signs of fraud or theft, but found no evidence this was happening.

It said it received a tipoff in May that a Toronto-based man had an archive of Paddy Power customers' names, usernames, addresses, emails, phone numbers, birthdates and security questions, including the mothers' maiden names — details useful to impersonate the customers and potentially crack into their personal accounts on other sites.

The company said it secured two Canadian court orders in July ordering the man to surrender his database and permit police searches of his IT equipment and financial records. The man, who was questioned by police, has yet to be charged with any crime.

The company said it is sending emails to 649,055 customers — representing nearly 30 per cent of its online gamblers in 2010 — advising them to consider changing their security question on all online accounts.

"We sincerely regret that this breach occurred and we apologize to people who have been inconvenienced as a result," said Peter O'Donovan, managing director of online operations.

Internet security experts said Paddy Power customers could be targeted by "spear-phishers" asking them to change their passwords in hopes of receiving their new log-in credentials.

Maksym Schipka, an information security specialist at British cyber-security firm Clearswift, said the four-year failure to identify what data had been stolen suggests "a huge failure on Paddy Power's behalf to maintain control and protection of its users' critical information."

But investors shrugged off the news, sending Paddy Power shares nearly 1 per cent higher to 52.76 euros ($54.10) in Dublin.

  • Rate this Rate This Star Icon
  • This article has not yet been rated.
  • We want you to tell us what you think of our articles. If the story moves you, compels you to act or tells you something you didn’t know, mark it high. If you thought it was well written, do the same. If it doesn’t meet your standards, mark it accordingly.

    You can also register and/or login to the site and join the conversation by leaving a comment.

    Rate it yourself by rolling over the stars and clicking when you reach your desired rating. We want you to tell us what you think of our articles. If the story moves you, compels you to act or tells you something you didn’t know, mark it high.

Sort by: Newest to Oldest | Oldest to Newest | Most Popular 0 Commentscomment icon

You can comment on most stories on brandonsun.com. You can also agree or disagree with other comments. All you need to do is register and/or login and you can join the conversation and give your feedback.

There are no comments at the moment. Be the first to post a comment below.

Post Your Commentcomment icon

Comment
  • You have characters left

The Brandon Sun does not necessarily endorse any of the views posted. Comments are moderated before publication. By submitting your comment, you agree to our Terms and Conditions. New to commenting? Check out our Frequently Asked Questions.

letters

Make text: Larger | Smaller

Brandon Sun Business Directory
The First World War at 100
Why Not Minot?
Welcome to Winnipeg

Social Media

Canadian Mortgage Rates