Data breach impacts nearly 650,000 Paddy Power customers

31 Jul 2014

Irish bookmaker Paddy Power is contacting 649,055 customers, whose personal, but not financial, details have been compromised in a data breach dating back to 2010.

The compromised data includes customer names, usernames, addresses, email addresses, phone numbers, dates of birth, and question-and-answer prompts.

Paddy Power said no passwords or financial information, such as credit card or debit card details, have been compromised in what it said is an isolated incident. “Customers’ accounts are not at risk as a result,” the company added.

“Paddy Power’s account monitoring has not detected any suspicious activity to indicate that customers’ accounts have been adversely impacted in any way.”

This incident has no impact on customers who opened accounts after 2010.

Canadian involvement

Paddy Power became aware of the full extent of the data breach in May. In recent months, the company took legal action in Canada with the help of the Ontario Provincial Police to retrieve the compromised data set from an individual.

In Ireland, Paddy Power has engaged with the Office of the Data Protection Commissioner.

Paddy Power is now advising customers to review other sites where they use the same question-and-answer prompt as a security measure and to update such prompts accordingly.

Peter O’Donovan, MD Online, Paddy Power, said the company regrets that this breach occurred and apologises to people who have been inconvenienced as a result.

“Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats,” O’Donovan said.

“This means we are very confident in our current security systems and we continue to invest in them to ensure we have best-in-class capabilities across vulnerability management, software security and infrastructure.”

Tina Costanza was a journalist and sub-editor at Silicon Republic

editorial@siliconrepublic.com