We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
RSS FeedTechnology

Betfair hides credit card data hack from customers


More than three million customers affected by attack

Article comments

Sports betting exchange Betfair failed to notify customers of a massive credit card data theft 18 months ago, it has been revealed.

According to the Daily Telegraph, the company disclosed in an internal report that between 28 March 2010 and 9 April 2010, cyber criminals stole 3.15 million account usernames with encrypted security questions, 2.9 million usernames with one or more addresses and 89,744 account usernames with bank account details.

Customer accounts that existed at 1 February 2010 were affected, yet Betfair made no move to inform customers of the breach because it decided that there was “no risk to customers”.

“Eighteen months ago we were subject to an attempted data theft. Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact.

“At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers,” the company said in a statement.

The authorities that Betfair was forced to inform included the UK Serious Organised Crime Agency (SOCA), the German law enforcement agencies, and the Australian Federal Police. It also notified the Royal Bank of Scotland, which was responsible for accepting card payments made via Betfair.

The incident, described in an internal report called ‘Project Brazil Progress Report’, called into question Betfair’s security monitoring systems, as it did not discover the breach for two months after the initial attack. Hackers breached the company’s systems on 14 March 2010, but it was only a server crashing at a data centre in Malta that alerted the company to the attack.

According to the Daily Telegraph, a report on the crime by consultants Information Risk Management described Betfair’s IT security as insufficient.

“Information security was not implemented in accordance with best practice.

“Appropriate information security governance is not in place within Betfair and as a consequence the business has been exposed to significant risks,” the report stated.

Meanwhile, Betfair said that it has now implemented all of the recommendations from independent reports it commissioned into the crime, and that it has "done everything we can to minimise the risk of this happening again." 

Earlier this year, Betfair launched a customer commitment charter setting out 14 promises to customers about the quality of its services, including technology.

One of the promises included ensuring the security of its site and customer data, and to protect customers’ money by keeping it separate from the company’s funds.

The company publishes a progress report against each of the commitments every three months, starting from 1 August.

Share:

Recommended Articles

Comments

Betfair hides credit card data hack from customers
Technology

Security technology checklist for CFOs

Security technology checklist for CFOs

Cyber threats are increasing in scale, scope and frequencymore ..


Diageo turns to tech start-ups to give it the edge

Wants to get ahead of disruptive innovation by putting it in the centre of its businessmore ..

Cloud users only using half of their capacity

Over-provisioning seen as a 'necessary evil'more ..

Asus to launch $199 smartwatch this month

The ZenWatch runs Android Wear and is one of several smartwatches expected at IFA in Berlinmore ..

Who needs big data anyhow?

OPINION: where next for the CFO’s big data budget?more ..

Why your online identity can never really be erased

Privacy advocates agree individuals need to take responsibility for their own privacymore ..

Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.



In Depth
Can finance rise to the challenge of major transformation?

Can finance rise to the challenge of major transformation?

Outdated finance processes, systems and competencies leave too many questions unanswered more ..

In Depth
Interim CFO or consultant? The pros and cons

Interim CFO or consultant? The pros and cons

Ed Harding offers an insight into the life of an interim CFO and the advantages in driving transformation more ..

Advertisement

* *