Paddy Power Notifies Customers of Massive Data Breach
If you received an email from Paddy Power about your personal data being breached, you are not alone. According to a press release issued on Thursday, the Irish gaming company Paddy Power has recently notified 649,055 of its customers about what the company called "a historical data breach."
While the press release indicates that Paddy Power is being proactive in notifying their customers, the timing of this notification is disturbing to many, since this data breach occurred back in 2010. Many Paddy Power customers are wondering why they are just being notified of a breach now that took place four years ago.
There are conflicting reports as to when Paddy Power was aware of this breach. According to an article published on Flushdraw, the group have been aware of the data breach for years, while the Paddy Power press release suggests they have only discovered about the full extent of the breach a few months ago.
Paddy Power worked with the Ontario Provincial Police in recent months to regain access to the breached data as well as the hardware it was stored upon. They are also working with the Irish Office of the Data Protection Commissioner on this issue on an ongoing basis. The Data Protection Commissioner expressed its disappointment about learning about the 2010 breach only recently, however, they have no ability to fine Paddy Power for the late notification.
What Was Breached? Are You Safe?
The good news is that the breach did not include financial information such as credit or debit card details, or account passwords. Also, if you signed up for Paddy Power after 2010, you were not notified about the data breach since your personal data was not compromised.
This is where the good news ends, however. The data breach included the customer's name, username, address, email address, phone contact number, date of birth, and a security question and answer.
While this seems like it could be enough information to hack into a Paddy Power account, their internal investigation yielded that no customers' accounts have been adversely affected.
If you are one of the Paddy Power customers affected, however, you should consider changing your email address and security question and answer, since these things are in your control and could prevent a future hack into your account.
Paddy Power does seem regretful about the incident, and it is better late than never in notifying affected customers. Paddy Power representative Peter O'Donovan spoke about the hack and said, "We sincerely regret that this breach occurred and we apologize to people who have been inconvenienced as a result."
O'Donovan also believes there is no reason you are not safe playing at Paddy Power, especially since the group has invested over €4 million in its IT security systems since this incident occurred.
"Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best-in-class capabilities across vulnerability management, software security, and infrastructure."
Image courtesy of Delimiter.com.au