DUBLIN (AP) — Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details or log-in passwords.
Paddy Power defended its four-year delay in reporting the biggest security breach in the company's history by arguing that it didn't know most of the details until much more recently. Online security experts said the fast-growing betting firm should have alerted its customers much sooner.
The Dublin-based company said it had known since 2010 that someone tried to hack into its customers' online accounts and monitored for any signs of fraud or theft, but found no evidence this was happening.
It said it received a tipoff in May that a Toronto-based man had an archive of Paddy Power customers' names, usernames, addresses, emails, phone numbers, birthdates and security questions, including the mothers' maiden names — details useful to impersonate the customers and potentially crack into their personal accounts on other sites.
The company said it secured two Canadian court orders in July ordering the man to surrender his database and permit police searches of his IT equipment and financial records. The man, who was questioned by police, has yet to be charged with any crime.
Continue reading this story on the...