Skip to content ↓ | Skip to navigation ↓

The latest large-scale data breach has affected more than 649,000 customers of the Irish betting company, Paddy Power.

The data breach reportedly stole personal information entered by customers when signing up to the online service as far back as 2010 and prior, including names, addresses and dates of birth. However, the company assures financial information was not compromised, such as credit cards and debit cards. Customers who opened accounts after 2010 are not affected by the breach.

Paddy Power’s Chief Executive Patrick Kennedy confirmed the compromise of their systems today and  has begun notifying customers, although the reason for the notification delay is yet unclear. Some reports claim the company was aware of the attack in 2010 and responded by completing a security audit and updating its technology infrastructure, investing €4 million in IT security systems.

Furthermore, in May of 2014 a third-party of the firm allegedly informed the company that a Toronto, Canada, resident had access to personal details of Paddy Power customers. According to a report on the Belfast Telegraph, the company then initiated legal proceedings to retrieve the data from the individual with the help of Ontario police.

Peter O’Donovan, Paddy Power’s managing director, offered customers an apology for the inconvenience and assured effective response was in place.

“Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats,” said O’Donovan.

“This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure.”

In a statement from the Office of the Data Protection Commissioner, the organization stated to be satisfied with the measures implemented by Paddy Power to prevent a repeat of the incident.

“However, this Office is disappointed that Paddy Power did not report the matter to us back in October 2010 in line with best practice.”

Read More Here…