Skip to main content

Paddy Power humiliated by data breach it took 4 years to fess up to

Online bookies Paddy Power is making an embarrassed apology to 649,055 of their customers who they believe have been affected by a data breach in 2010.

The firm has faced huge amounts of criticism over its failure to properly report the breach. Paddy Power waited until Thursday this week to tell 649,055 customers their names, email address, phone numbers and answers to security questions had been hacked in the breach.

Paddy Power said it had detected malicious activity at the time but, after a detailed investigation, determined that no financial information or customer passwords had been put at risk.

"I am very disappointed that it has taken until now for Paddy Power to inform its customers," Ireland's junior minister with responsibility for data protection Dara Murphy said in a statement on Friday.

"It is best practise to inform the Data Protection Commissioner as soon as these breaches occur, and although these were not breaches of password or financial information, the code of practice should be followed at all times."

Peter O'Donovan, MD Online, Paddy Power, said "We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."

Despite the breach taking the best part of five years to discover and disclose, O'Donavan remains confident in the company's existing security systems.

"Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure."

Our advice to Paddy Power users: don't bet on your security. Check back for any suspicious activity on services where you've used the same password, and change the password just in case.

Better yet, check out our look at the best password managers out there, for added security and peace of mind. That way even if you lose your money on your bets, you don't lose your data.