Ireland Government Blasts Paddy Power Failure to Expose Breach
Government officials in Ireland have slammed that country’s largest bookmaker for failing to alert the public regarding a massive data breach that occurred in October 2010. News of the breach only became known on Thursday (July 31, 2014), nearly four years later.
"I am very disappointed that it has taken until now for Paddy Power to inform its customers," said Dara Murphy, minister of state at the departments of the prime minister and foreign affairs with special responsibility for European affairs and data protection.
The bookmaker claims that no credit card information or client passwords were stolen as a result of the breach but that some 650,000 customers were affected and only informed on Thursday. Information compromised included phone numbers, date of birth, home addresses and security questions and answers. Similar information is often used in identity theft cases.
Paddy Power failed to inform the Office of the Data Protection Commissioner at the time of the security breach.
Still, Murphy appeared encouraged by steps the bookmaking firm has taken since the incident.
"Paddy Power put in place increased security measures after the breach in 2010 and I have been in touch with the Office of the Data Protection Commissioner, which met with Paddy Power representatives this week," Murphy said in a statement.
"My office and that of the Data Protection Commissioner will be working closely in relation to this matter," he said.
"It is best practice to inform the commissioner as soon as these breaches occur, and although these were not breaches of password or financial information, the data security breach code of practice should be followed at all times in order to safeguard personal information and assure customers that their data is secure," he added.
- Aaron Goldstein, Gambling911.com