We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
RSS FeedTechnology

Betfair hides credit card data hack from customers


More than three million customers affected by attack

Article comments

Sports betting exchange Betfair failed to notify customers of a massive credit card data theft 18 months ago, it has been revealed.

According to the Daily Telegraph, the company disclosed in an internal report that between 28 March 2010 and 9 April 2010, cyber criminals stole 3.15 million account usernames with encrypted security questions, 2.9 million usernames with one or more addresses and 89,744 account usernames with bank account details.

Customer accounts that existed at 1 February 2010 were affected, yet Betfair made no move to inform customers of the breach because it decided that there was “no risk to customers”.

“Eighteen months ago we were subject to an attempted data theft. Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact.

“At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers,” the company said in a statement.

The authorities that Betfair was forced to inform included the UK Serious Organised Crime Agency (SOCA), the German law enforcement agencies, and the Australian Federal Police. It also notified the Royal Bank of Scotland, which was responsible for accepting card payments made via Betfair.

The incident, described in an internal report called ‘Project Brazil Progress Report’, called into question Betfair’s security monitoring systems, as it did not discover the breach for two months after the initial attack. Hackers breached the company’s systems on 14 March 2010, but it was only a server crashing at a data centre in Malta that alerted the company to the attack.

According to the Daily Telegraph, a report on the crime by consultants Information Risk Management described Betfair’s IT security as insufficient.

“Information security was not implemented in accordance with best practice.

“Appropriate information security governance is not in place within Betfair and as a consequence the business has been exposed to significant risks,” the report stated.

Meanwhile, Betfair said that it has now implemented all of the recommendations from independent reports it commissioned into the crime, and that it has "done everything we can to minimise the risk of this happening again." 

Earlier this year, Betfair launched a customer commitment charter setting out 14 promises to customers about the quality of its services, including technology.

One of the promises included ensuring the security of its site and customer data, and to protect customers’ money by keeping it separate from the company’s funds.

The company publishes a progress report against each of the commitments every three months, starting from 1 August.

Share:

Comments

Betfair hides credit card data hack from customers
Technology

What does your perfect datacentre look like?

What does your perfect datacentre look like?

The financial impact of rising energy bills is a headache for companies toomore ..


Glitch hits Virgin Media email distribution lists

Customers' personal information accidentally shared amongst the email chainmore ..

BBC tenders for £5.4m digital services contract

Digital services roster may be 'opened up' to new entrants at regular intervalsmore ..

Guardian, Washington Post win Pulitzer prize for NSA spying coverage

Both publications won the highly coveted Public Service awardmore ..

What UK business needs to do now with big data

In the final of a three-part series, we look at the potential for companies to become victims in the battle for big datamore ..

Ethical questions around big data

In the second of a three-part series, Pat Brans looks at the ethics of collecting 'big data'more ..

Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.



In Depth
How M&A teams can create value by challenging the CEO

How M&A teams can create value by challenging the CEO

A typical “hold” period of nine to 18 months can generate increased sale value more ..

In Depth
What every company needs to do about big data?

What every company needs to do about big data?

In the first of a three part series, Pat Brans explores just how big 'big data' will get? more ..

Advertisement

* *