Paddy Power, the bookmaker, has written to almost 650,000 users of its online service advising them that their personal data was breached in a malicious incident in 2010. They say that they had been satisfied at the time that “no financial information or customer passwords had been put at risk” and they did not make the incident public on that occasion.
However, they recently became aware of their customer data being offered to someone in Ontario, Canada and they took action with the local police to retrieve the data. During the course of this action they became aware of the full extent of the compromised data which contains:
“individual customer’s name, username, address, email address, phone contact number, date of birth and prompted question and answer“
The full email sent to customers today advises users to review other websites where they may have used the same security question.
We are contacting you to advise of the details of a cyber attack on our network in 2010. It did not involve any financial information or customer passwords, but some of your personal customer information was accessed by a third party. We take our responsibilities regarding customer data extremely seriously and we sincerely regret that this breach happened.
This information relates to data that was provided when you opened an account with us and contained your name, username, address, email address, phone contact number, date of birth and prompted question and answer. The full extent of the 2010 data breach only became known to us in recent months when Paddy Power took legal action to retrieve the compromised dataset.
We want to reassure you that we have no evidence this data has been used in any malicious way and that it is not possible to access your Paddy Power account with this information alone. We recommend that you review other websites where you use the same prompted question and answer as a security measure and update where appropriate.
Nothing is more important to us than the security and trust of our customers and please be assured that we have taken all the appropriate measures to resolve this incident. We are confident that we presently have the best in class software security to protect our customers’ information. We have also liaised with the Office of the Data Protection Commissioner in relation to this incident.
You can update your account details by logging on to the My Account section of your account or contact our Support Team by clicking here.
If you have concerns, please don’t hesitate to contact us.
The Paddy Power Support Team