PaddyPower will today be contacting 649,055 of their customers who they believe have been affected by a data breach in 2010.
In an online statement, the company state that they had detected malicious activity in an attempted breach of its data security system in 2010. On the effects of the breach, the statement says that ‘no financial information or customer passwords were compromised in the isolated incident and customers’ accounts are not at risk as a result.’ However, information including names, usernames, addresses, email addresses, phone numbers and dates of birth of customers were accessed.
The hack came to light in May 2014 as part of an investigation in Canada. The company has contacted the Data Protection Commission and An Garda Síochána about the matter. It advised customers to “review other sites where they use the same prompted question and answer as a security measure and update where appropriate”.
Peter O’Donovan, MD Online, Paddy Power, said “We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach.”
Whilst the breach has taken a very long time to discover and disclose, O’Donavan remains confident in the company’s existing security systems. “Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure.”
The company also stated they have invested over €4 million in its IT security systems in recent years.