Paddy Power Logo

Paddy Power Had Data for 650,000 Customers Stolen


PaddyPower is a big name in European online gambling. The Irish company has one of the better marketing teams in the industry, who produce funny and inventive ways to promote the company. They are going to find their jobs a lot harder in the coming days and weeks, as it is being reported today that information on just under 650,000 Paddy Power customers had been stolen from the companies database. In 2010.

The stolen data includes personal information on 649,055 PaddyPower customers who signed up for the site in 2010. The data includes names, addresses, dates of birth, mothers maiden names, and other personal information used to set up an online account. What was not taken, however, was any financial information such as bank account numbers or credit card information. Around 120,000 of the impacted accounts belong to Irish residents, and only accounts set up before the end on 2010 are part of the stolen data.

The information was stolen back in 2010, during a cyberattack on Paddy Power’s database. The company was aware of the incursion at that time, but today is the first time that any of PaddyPower’s customers had been advised that their information had been compromised. In a statement from PaddyPower, the company’s Managing Director of Online, Peter O’Donovan, said: “We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result… We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach. We are communicating with all of the people whose details have been compromised to tell them what has happened.

“Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats.  This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure.”

The data has been recovered after the company had been approached by an unknown third party, advising that the data was in the hands of an individual in Canada. PaddyPower confirmed that this data was indeed from the company’s database, and began legal proceedings in Ontario in order to reclaim the data, as well as the hardware it was stored on. The operation included local police in Ontario, with the subject of the investigation apparently living in Toronto. No charges have yet been brought as yet, but have not been ruled out. It’s not been announced if the person in possession of the stolen information was in the process of selling it, or if he/she had already sold the data on to another party.

A spokesman for the Irish Data Protection Commissioner has been quoted as saying the agency is “disappointed” the PaddyPower is only just bringing this breach to light now, rather than advising the agency of the breach in 2010. PaddyPower is reported to have only advised them in May of this year.

The office of the Irish Data Protection Commissioner has no legal powers to fine PaddyPower for the breach, but can comment on the situation in the commissioner’s annual report, which will be issued in May 2015. We contacted the office of the Data Protection Commissioner, and received a response, the relevant parts are reproduced below:

“On the 12th May, 2014 Paddy Power notified this Office of a data security breach in accordance with our Personal Data Security Breach Code of Practice. This Office then launched an investigation into the matter…

“We understand Paddy Power had identified the attack back in October 2010 and implemented security measures to stop the attack. Following discussions, this Office is satisfied with the measures implemented by Paddy Power to prevent a repeat of this type of incident. In line with our approach to data breaches generally, we have advised the organisation to notify affected individuals and we understand that Paddy Power is commencing that process today.  This Office would recommend that affected individuals follow the advice given by Paddy Power to change their security questions on any other sites where they may have been used.

“Our investigation of this matter is continuing and we anticipate that further recommendations will issue from this Office to Paddy Power in relation to security of data.”

Why Paddy Power has taken so long to announce this cyberbreach is unknown, and what, if any, sanctions the company will have to face is still unclear.

Paddy Power are now in the process of contacting the affected accounts. If you are concerned your details may have been compromised, please contact Paddy Power’s support team by emailing [email protected], or by calling them on +353 1 905 0132.

<EDIT> Paddy Power have responded to our email, and we have received a standard statement that includes the quotes above. We have asked further questions, and will edit again if/when we receive a response.


Leave a Comment



filter by

Haley Hintze

16th July 2019 // Industry, Legal News, Misc, News

Suncity Macau Junket Operation Under Duress Amid Online Gambling Accusations

There’s again a sense of unease in the junketeering world through which affluent Chinese gamblers have been able...

Haley Hintze

14th July 2019 // Legal News, Misc, News

Southern Missouri Cardroom Raided, Closed by Authorities

A relatively new poker room that attempted to operate in Missouri’s capital city of Springfield has been...

Haley Hintze

14th July 2019 // Industry, Misc, News

Rob Yong, John Duthie Announce Launch of Anti-Cheating Cooperative Fairplay

UK-based online-poker stalwarts Rob Yong and John Duthie have announced the launch of Fairplay, an anti-cheating...

Haley Hintze

12th July 2019 // Legal News, Misc, News

WPT Winner Dennis Blieden Charged with Embezzlement of $22 Million

Ohio native and current Nevada resident Dennis Blieden, known best in poker circles for winning the 2018 World Poker...

Dan Katz

12th July 2019 // Industry, News

Pluribus Poker Bot Crushes Pro Players in Six-Handed Cash Game

The poker bots have been at it again, crushing human players on the virtual felt. But no, this is not an article about...

Haley Hintze

11th July 2019 // Industry, Legal News, Misc, News

Legal Turmoil Remains as Pennsylvania Online Gambling Launch Looms

An unsettled legal situation remains active in Pennsylvania just days before the official July 15 launch date for one...