Customer data stolen from Paddy Power

The details of more than 649,000 customers have been stolen from the database of gambling operator Paddy Power, reports the Belfast Telegraph

The Irish bookmaker has had data stolen that contains personal information entered by customers who signed up to the Paddy Power online service in years up to and including 2010.

The information that was stolen includes: the names of players, addresses, dates of birth, and even the maiden names of mothers – which are commonly used to verify account details.

However, the stolen data does not include any personal financial information.

In total, the details of 649,055 customers were taken, which represents 29 per cent of Paddy Power’s total online customer base in the year 2010.

Paddy Power’s customers who joined after 2010 have not been impacted by the breach.

The bookmakers only confirmed the breach on Thursday afternoon, despite the data being stolen in 2010. It has not been established why the betting firm has waited until now to inform customers of the data breach.

It is suspected that the firm knew in 2010 that some malicious activity had taken place against its systems, and the bookmaker then carried out a security audit and updated its technology infrastructure.

The betting group – headed up by chief executive Patrick Kennedy – did not inform customers of the potential breach.

It has been reported that the firm were approached earlier this year in May, when they were contacted by a third party who are believed to have told the company that they knew someone in Canada who was in possession of the customer details that had been stolen. It is not known how this person came to find this out, although it has been suspected that the data may have been offered to them.

After this, Paddy Power verified that the data had come from its system. They then started legal proceedings in Ontario in order to secure possession of the computer equipment owned by the person who was holding their customer data. The company liaised with local police in Ontario. It is believed that the person was residing in Toronto.

It is not yet clear if the individual who stole the data will have criminal proceedings initiated against him.

The Data Protection Commissioner has now been informed of the data breach and Paddy Power has started informing its customers.