Paddy Power condemned after waiting FOUR YEARS to tell 650,000 customers of data breach

Bad gamble?

Popular gambling site Paddy Power has been heavily criticised after taking an incredible four years to tell 650,000 customers that their personal data has been compromised in a data breach dating back to 2010.

In a website announcement posted on Thursday in advance of customer notification letters, the company sought to play down the incident that only came to light by chance in May 2014 after it took legal action to recover data from an unnamed individual living in Canada after a tip-off.

Once examined, this data turned out to include customer names, web user names, email and home addresses, phone numbers, dates of birth as well as the answers to security questions for 649,055 who joined the service up to 2010.

Account passwords were not compromised and anyone who joined since the time of the breach would not be affected, the company said.

"We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data," claimed the firm's online managing director, Peter O'Donovan.

"That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach," he added.

The firm said it had detected what it described as an "attempted" breach of its systems in 2010 but after investigation decided that no financial information or passwords had been lost.

Despite the PR spin, the company's conduct begs some hard questions.

If it detected a data breach in 2010, why did it not inform the authorities or customers at the time? According to the company's account, the Irish Data Protection Commissioner was only told in May 2014, years after the incident.

It will also sound complacent that the firm has sought to dismiss the breach simply because 'only' personal data was lost; customers might point out that while credit card numbers can be changed, names and dates of birth can't. Financial losses resulting from any breach would have been its responsibility.

"It's shocking to see that Paddy Power has waited over four years to inform its users of the cyber-attack on the company, joining the ranks of eBay and Orange France that also waited far too long between a breach and public disclosure," commented George Anderson of security firm Webroot, hitting the nail square on its head.

"Waiting four years isn't just irresponsible, it's senseless," he said.

Clearswift SVP of engineering Maksym Schipka was equally scathing about the firm's behaviour.

"A breach on this scale, combined with the lack of transparency demonstrated by the company will certainly affect its professional reputation," he said. "It implies a huge failure on Paddy Power's behalf to maintain control and protection of its users' critical information."

The company's incident response is reminiscent of eBay, which in May admitted it had suffered a major data breach of up to 230 million users dating back to February that only came to light after a leak.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

Launch marketing council Episode 5: Retailer and supplier

In our fifth and final episode, we delve into the relationship between retailer and supplier and how it drives and influences launch marketing strategies and success. To do that, we’re joined by Campbell Davies, group general manager of Associated Retailers Limited, and Kristin Viccars, marketing director A/NZ, Apex Tool Group. Also featured are Five by Five Global managing director, Matt Lawton, and CMO’s Nadia Cameron.

More Videos

Hi,When online retailers establish their multi channel strategy and they are using or will to use live chatbot to support their customers...

Alice Labs Pte. Ltd.

CMO's top 8 martech stories for the week - 6 May 2021

Read more

Thanks for nice information regarding Account-based Marketing. PRO IT MELBOURNE is best SEO Agency in Melbourne have a team of profession...

PRO IT MELBOURNE

Cultivating engaging content in Account-based Marketing (ABM)

Read more

The best part: optimizing your site for SEO enables you to generate high traffic, and hence free B2B lead generation. This is done throug...

Sergiu Alexei

The top 6 content challenges facing B2B firms

Read more

Nowadays, when everything is being done online, it is good to know that someone is trying to make an improvement. As a company, you are o...

Marcus

10 lessons Telstra has learnt through its T22 transformation

Read more

Check out tiny twig for comfy and soft organic baby clothes.

Morgan mendoza

Binge and The Iconic launch Inactivewear clothing line

Read more

Blog Posts

Getting privacy right in a first-party data world

With continued advances in marketing technology, data privacy continues to play catchup in terms of regulation, safety and use. The laws that do exist are open to interpretation and potential misuse and that has led to consumer mistrust and increasing calls for a stronger regulatory framework to protect personal information.

Furqan Wasif

Head of biddable media, Tug

​Beyond greenwashing: Why brands need to get their house in order first

Environmental, Social and (Corporate) Governance is a hot topic for brands right now. But before you start thinking about doing good, Craig Flanders says you best sort out the basics.

Craig Flanders

CEO, Spinach

​The value of collaboration: how to keep it together

Through the ages, from the fields to the factories to the office towers and now to our kitchen tables, collaboration has played a pivotal role in how we live and work. Together. We find partners, live as families, socialise in groups and work as teams. Ultimately, we rely on these collaborative structures to survive and thrive.

Rich Curtis

CEO, FutureBrand A/NZ

Sign in