Paddy Power, the bookmaker, has written to almost 650,000 users of its online service advising them that their personal data was breached in a malicious incident in 2010. They say that they had been satisfied at the time that “no financial information or customer passwords had been put at risk” and they did not make the incident public on that occasion.
However, they recently became aware of their customer data being offered to someone in Ontario, Canada and they took action with the local police to retrieve the data. During the course of this action they became aware of the full extent of the compromised data which contains:
“individual customer’s name, username, address, email address, phone contact number, date of birth and prompted question and answer“
I phoned security consultant Brian Honan to discuss the implications of this news: click on the player above to hear the podcast of our conversation, or download this MP3 (13:58; 8MB; MP3).
The full email sent to customers today advises users to review other websites where they may have used the same security question.
We are contacting you to advise of the details of a cyber attack on our network in 2010. It did not involve any financial information or customer passwords, but some of your personal customer information was accessed by a third party. We take our responsibilities regarding customer data extremely seriously and we sincerely regret that this breach happened.
This information relates to data that was provided when you opened an account with us and contained your name, username, address, email address, phone contact number, date of birth and prompted question and answer. The full extent of the 2010 data breach only became known to us in recent months when Paddy Power took legal action to retrieve the compromised dataset.
We want to reassure you that we have no evidence this data has been used in any malicious way and that it is not possible to access your Paddy Power account with this information alone. We recommend that you review other websites where you use the same prompted question and answer as a security measure and update where appropriate.
Nothing is more important to us than the security and trust of our customers and please be assured that we have taken all the appropriate measures to resolve this incident. We are confident that we presently have the best in class software security to protect our customers’ information. We have also liaised with the Office of the Data Protection Commissioner in relation to this incident.
You can update your account details by logging on to the My Account section of your account or contact our Support Team by clicking here.
If you have concerns, please don’t hesitate to contact us.
Regards,
The Paddy Power Support Team
Security Expert Brian Honan on the Paddy Power Data Breach [Audio] http://t.co/lzP0YZCmsx #security #privacy
Conn Ó Muíneacháin liked this on Facebook.
RT @blacknight: Special Podcast: Security Expert @BrianHonan on the Paddy Power Data Breach http://t.co/I3N76Vu8es
RT @mneylon: Security Expert Brian Honan on the Paddy Power Data Breach [Audio] http://t.co/lzP0YZCmsx #security #privacy
RT @blacknight: Special Podcast: Security Expert @BrianHonan on the Paddy Power Data Breach http://t.co/I3N76Vu8es
Extra Podcast: Interview with @BrianHonan on the Paddy Power Data Breach http://t.co/iehAe0TCkJ
RT @conn: Extra Podcast: Interview with @BrianHonan on the Paddy Power Data Breach http://t.co/iehAe0TCkJ
RT @blacknight: Special Podcast: Security Expert @BrianHonan on the Paddy Power Data Breach http://t.co/I3N76Vu8es
RT @conn: Extra Podcast: Interview with @BrianHonan on the Paddy Power Data Breach http://t.co/iehAe0TCkJ
Security Expert Brian Honan on the Paddy Power Data Breach [Audio] http://t.co/0ifasxfOTa
RT @blacknight: Security Expert Brian Honan on the Paddy Power Data Breach [Audio] http://t.co/0ifasxfOTa
RT @blacknight: Security Expert Brian Honan on the Paddy Power Data Breach [Audio] http://t.co/0ifasxfOTa