DUBLIN Aug 1 Ireland's government criticised
bookmaker Paddy Power for delays in reporting a
data breach that occurred in 2010 and which compromised the
personal information of more than half a million customers.
Paddy Power waited until Thursday to tell 649,055 customers
their names, email address, phone numbers and answers to
security questions had been hacked in the breach.
It said it had detected malicious activity at the time but,
after a detailed investigation, determined that no financial
information or customer passwords had been put at risk.
"I am very disappointed that it has taken until now for
Paddy Power to inform its customers," Ireland's junior minister
with responsibility for data protection Dara Murphy said in a
"It is best practise to inform the Data Protection
Commissioner as soon as these breaches occur, and although these
were not breaches of password or financial information, the code
of practice should be followed at all times."
Paddy Power, which has been at the forefront of a surge in
online customer growth in the betting sector, said it contacted
the Data Protection Commissioner and police after it was advised
in May of an allegation that the data hacked in 2010 was in the
possession of an individual in Canada.
The bookmaker received orders from a Canadian court in July
to recover the dataset and examine the individual's bank
accounts and financial transactions.
It said it had suspected that some non-financial customer
information may have been exposed and a full review of security
systems was undertaken.
Concerns over the vulnerability of private data online have
risen after a series of attacks by cyber criminals, including
the large-scale theft of payment card data at U.S. retailer
Target Corp during the holiday shopping season in late
In its email to affected customers, Paddy Power said there
was no evidence the data had been used maliciously but it
recommended that they review other websites where they had used
the same prompted security question and answer.
"We sincerely regret that this breach occurred and we
apologise to people who have been inconvenienced as a result,"
Peter O'Donovan, Paddy Power's managing director of online, said
in a statement.
"Robust security systems and processes are critical to our
business and we continuously invest in our information security
systems to meet evolving threats. This means we are very
confident in our current security systems."
(Reporting by Padraic Halpin, editing by John Stonestreet)