650,000 online gambling customers exposed to ID theft

People who signed up for Paddy Power’s online services had their personal data compromised in 2010.  Company officials detected a cyber incident that year and suspected customer information might have been exposed – but did not notify customers at the time.

The company was informed in May 2014 that an individual in Canada allegedly possessed a customer data set.

An investigation determined some personal information on about 650,000 customers indeed was compromised during a “cyberattack on Paddy Power’s IT systems in 2010,” according to a July 31, 2014 notice on the company’s website.

Most of the affected customers, more than 461,000, were in the U.K., while almost 121,000 were in Ireland and 67,000 elsewhere, the Wall Street Journal reports.

Even though “Paddy Power didn’t know back then as to the extent of the infiltration, customers still weren’t told of a potential breach,” the Irish Independent reports.

Data compromised includes the individual customer’s name, user name, address, email address, phone contact number, date of birth and security questions and answers.

The company notice states, “Paddy Power had detected malicious activity in an attempted breach of its data security system in 2010. A detailed investigation was undertaken at the time and determined that no financial information or customer passwords had been put at risk. It was, however, suspected that some non-financial customer information may have been exposed and a full review of security systems was undertaken.”

Company officials say no financial information or customer passwords were accessed and customer accounts are not at risk.

“The accessed information alone would not have been sufficient to grant access to a Paddy Power customer account,” the notice states.