Anatomy Of A Security Breach

By Brian Cullingworth, Last updated Aug 15, 2014

A closer look at the theft of 649,000 player details from Paddy Power

One of the biggest data breaches in online gambling history – the theft of 649,000 player details from online gambling group Paddy Power (see previous InfoPowa reports) – has been examined in detail by the Bloomberg business news service, which reveals:

* In 2010 (when the theft is believed to have occurred) Paddy Power technicians detected what they thought was "malicious activity."

* Three years later, in December 2013, a Canadian affiliate marketer and entrepreneur called Jason Ferguson (45) came across an offer of a player database for sale (something he claims is commonplace on the internet) from an unknown seller apparently based in Malta. The parties negotiated the sale of the database for Euro 6,700 and Ferguson took delivery and presumably used the content in his endeavours to market to players or sell the database on. He claims he was not aware that the database was stolen, and that he did nothing wrong.

* Earlier this year data breach consultant Joe Saumarez Smith became aware of Ferguson's database whilst investigating another and unrelated issue. He contacted Ferguson, who convinced him of the value of the database and sent him a sample to clinch a sale.

* After examining the sample, Saumarez Smith suspected that it may be the property of Paddy Power, and he handed it over to the betting company, which immediately tasked a special team to analyse it. They confirmed that it was Paddy Power material.

* In collaboration with the Ontario courts and police, Paddy Power's legal representatives then obtained court orders for the search of Ferguson's bank account and his computer equipment.

* Ferguson's shock on July 7, when a posse descended on his home office with the court orders can only be imagined. He cooperated, and a hard drive was seized, wiped clean of the Paddy Power information, and returned to him (he has since destroyed it, saying he wants nothing more to do with the issue).

The police found no evidence that might indicate criminal or malicious activity on Ferguson's part, and he has not been prosecuted.

Paddy Power had the embarrassment of belatedly having to tell players about the breach, which received wide media coverage.

In a statement posted on its website on July 31st, the company revealed the breach for the first time publicly, and started alerting the 649,000 customers affected. While the data didn't include account passwords or financial information, and would not have allowed access to customer accounts, the company apologised.

The betting company was also severely criticised by Ireland's Data Protection Commissioner for not reporting the breach timeously.

"I am very disappointed that it has taken until now for Paddy Power to inform its customers," Minister for Data Protection Dara Murphy said in a statement. "While it's not mandatory to report such breaches, it is recommended best practice."

Online Casino News Courtesy of Infopowa

Brian Cullingworth

Infopowa news was a staple of Casinomeister’s news from 2000 until 2019. Brian Cullingworth was the main writer, contributor, and was one of the most knowledgeable persons I have ever known involved in the online casino industry.

We first met in January 2001 at the ICE in London where I observed him going booth to booth interviewing online casino, software, and licensing jurisdiction representatives. Brian was also heavily involved with our forum as “Jetset“, he was involved as an informal consultant to eCOGRA, the OPA, and was a player advocate who assisted countless aggrieved players with his connections to industry folks. He also published “Casino Cautions” via Infopowa news for quite a number of years. These can be found in our news archives.

His passing in February 2019 was a dark day for us. He will be forever missed.


Latest News

It’s That Time of the Year Again: Casinomeister Awards 2024

It’s that time of the year again! Casinomeister Awards for 2024 have been announced, and we give you all the highlights.

By Natasa Milojevic, Last updated Feb 5, 2025
It’s That Time of the Year Again: Casinomeister Awards 2024

New Rating System for Sweepstakes Social Casinos — Now Live!

Casinomeister has a introduced a detailed new rating system for sweepstakes casinos, making it easier to find the right place to play.

By Filip Colovic, Last updated Feb 3, 2025
New Rating System for Sweepstakes Social Casinos — Now Live!

Evolution’s License Getting Dissected by the UKGC Over Suspected Black Market Activity

The big-name live casino provider Evolution Gaming is facing the UKGC’s investigation for suspected black market activity.

By Natasa Milojevic, Last updated Jan 16, 2025
Evolution’s License Getting Dissected by the UKGC Over Suspected Black Market Activity

Spin Into the Festive Spirit With Pragmatic Play and Unwrap an Amazon Voucher

Get in the holiday spirit with Pragmatic Play’s festive tournament and claim up to four €200 Amazon vouchers.

By Natasa Milojevic, Last updated Dec 18, 2024
Spin Into the Festive Spirit With Pragmatic Play and Unwrap an Amazon Voucher

Oshi Casino Exclusive Xmas Promo: 200% Match + 100 Free Spins

Take advantage of this exclusive Christmas offer at Oshi Casino — a 200% match up to $200 and 100 free spins. Grab your promo code here!

By Filip Colovic, Last updated Jan 16, 2025
Oshi Casino Exclusive Xmas Promo: 200% Match + 100 Free Spins