One of the UK and Ireland's biggest bookmakers has revealed it was the victim of a massive cyber attack affecting 649,055 customers four years ago.
Paddy Power said no financial information was stolen but the names, usernames, addresses, email contacts, phone numbers and dates of birth of online betting account holders was compromised in the 2010 hacking.
The bookie, famed for its publicity stunts and irreverent marketing campaigns, said the security lapse was an isolated incident.
Some 461,154 customers were registered in the UK, 120,849 in Ireland and 67,052 international.
Paddy Power's managing director of online business Peter O'Donovan insisted no passwords or financial information were taken in the breach and there is no evidence customer accounts have been hit by fraud.
"We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result," he said.
"We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."
All affected customers are being contacted by the bookie.
Some 87,904 of them are classed as active having placed a bet online this year.
Other information like the maiden names of customers' mothers may also have been taken, Paddy Power said as it advised customers to check their other online accounts that share similar information.
The hack was discovered in May this year when the bookmaker was told a person in Canada was allegedly in possession of an old dataset of Paddy Power customers.
The company reported it to the Garda.
Mr O'Donovan added: "Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure."
The company said an investigation has shown precisely that the hacking only hit customers who held an account in 2010.
Paddy Power said it takes its responsibilities regarding customer data extremely seriously and it is deeply regrettable that the breach happened.
Ireland's Data Protection Commissioner has been notified.
Paddy Power took legal action in Canada with the assistance of the Ontario Provincial Police to retrieve the compromised dataset from an individual, it said.
The company got two court orders to seize IT assets, to recover the dataset and delete it from the IT systems of one person in the country in the second week in July.
Experts, supported by the Ontario Provincial Police, were also called in to examine the person's bank accounts and financial transactions and to question him.
Paddy Power said it had detected malicious activity in an attempted breach of its data security system in 2010 at the time.
It said a detailed investigation four years ago found no financial information or customer passwords had been put at risk but suspected that some non-financial customer information may have been exposed. It said a full review of security systems was undertaken.
Paddy Power said it has invested more than £3 million in its IT security systems in recent years.
https://uk.news.yahoo.com/bookmaker-reveals-cyber-attack-135849869.html
Tidak ada komentar:
Posting Komentar