Paddy Power condemned after waiting FOUR YEARS to tell 650,000 customers of data breach

Bad gamble?

Popular gambling site Paddy Power has been heavily criticised after taking an incredible four years to tell 650,000 customers that their personal data has been compromised in a data breach dating back to 2010.

In a website announcement posted on Thursday in advance of customer notification letters, the company sought to play down the incident that only came to light by chance in May 2014 after it took legal action to recover data from an unnamed individual living in Canada after a tip-off.

Once examined, this data turned out to include customer names, web user names, email and home addresses, phone numbers, dates of birth as well as the answers to security questions for 649,055 who joined the service up to 2010.

Account passwords were not compromised and anyone who joined since the time of the breach would not be affected, the company said.

"We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data," claimed the firm's online managing director, Peter O'Donovan.

"That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach," he added.

The firm said it had detected what it described as an "attempted" breach of its systems in 2010 but after investigation decided that no financial information or passwords had been lost.

Despite the PR spin, the company's conduct begs some hard questions.

If it detected a data breach in 2010, why did it not inform the authorities or customers at the time? According to the company's account, the Irish Data Protection Commissioner was only told in May 2014, years after the incident.

It will also sound complacent that the firm has sought to dismiss the breach simply because 'only' personal data was lost; customers might point out that while credit card numbers can be changed, names and dates of birth can't. Financial losses resulting from any breach would have been its responsibility.

"It's shocking to see that Paddy Power has waited over four years to inform its users of the cyber-attack on the company, joining the ranks of eBay and Orange France that also waited far too long between a breach and public disclosure," commented George Anderson of security firm Webroot, hitting the nail square on its head.

"Waiting four years isn't just irresponsible, it's senseless," he said.

Clearswift SVP of engineering Maksym Schipka was equally scathing about the firm's behaviour.

"A breach on this scale, combined with the lack of transparency demonstrated by the company will certainly affect its professional reputation," he said. "It implies a huge failure on Paddy Power's behalf to maintain control and protection of its users' critical information."

The company's incident response is reminiscent of eBay, which in May admitted it had suffered a major data breach of up to 230 million users dating back to February that only came to light after a leak.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

Conversations over a cuppa with CMO: Craig Davis

​Leadership resilience, startups scaling up, marketing best practices, customer insights - these are just a few of the topics we manage to explore in the latest episode of Conversations over a Cuppa with CMO featuring Craig Davis.

More Videos

JP 54, D2, and D6 EN590,JET A1 AVAILABLE ON FOB DIP AND TEST IN SELLER TANKWe Can supply Aviation Kerosene,Jet fuel (JP 54-A1,5), Diesel ...

Collins Johnson

Oath to fully acquire Yahoo7 from Seven West Media

Read more

This article gave me a better understanding about content creation. I learned a lot like this website https://a2designlab.com/ also offer...

Ryota Miyagi

How Remedy is using digital marketing and commerce to drive conversion

Read more

JP 54, D2, and D6 EN590,JET A1 AVAILABLE ON FOB DIP AND TEST IN SELLER TANKWe Can supply Aviation Kerosene,Jet fuel (JP 54-A1,5), Diesel ...

Collins Johnson

Oath to fully acquire Yahoo7 from Seven West Media

Read more

JP54,D2, D6, JetA1 EN590Dear Buyer/ Buyer mandateWe currently have Available FOB Rotterdam/Houston for JP54,D2, D6, JetA1 with good and w...

Collins Johnson

3-pronged marketing approach for property disruptor Brickx

Read more

With a response rate of 80-90%, a well optimized chatbot is a must-have for every business. Check out this link to explore how you can en...

Drishti Khurana

How NRMA’s Arlo the Koala chatbot won over customers

Read more

Blog Posts

Life beyond the cookie: 5 steps to mapping the future of marketing measurement

​There’s no denying there’s been a whirlwind of response to the imminent demise of the third-party cookie from all parts of the industry. But as we’ve collectively come to better understand the implications, it’s clear this change is giving the digital advertising industry the opportunity to re-think digital marketing to support core industry use cases, while balancing consumer privacy.

Natalie Stanbury

Director of research, IAB Australia

Ensuring post-crisis success

The COVID-19 pandemic has exposed brands’ CX shortcomings and a lack of customer understanding. Given ongoing disruption, customer needs, wants and expectations are continually changing, also causing customers to behave in different ways. Just look at hoarding toilet paper, staple and canned food, medicinal and cleaning products.

Riccardo Pasto

senior analyst, Forrester

A few behavioural economics lesson to get your brand on top of the travel list

Understanding the core principles of Behavioural Economics will give players in the travel industry a major competitive advantage when restrictions lift and travellers begin to book again. And there are a few insights in here for the rest of the marketing community, too.

Dan Monheit

Co-founder, Hardhat

Sign in