3 million credit card details stolen - but Betfair didn’t tell its punters

ONLINE gambling firm Betfair admitted today it had not informed its customers that the details of millions of credit cards were stolen in a major cyber-attack 18 months ago.
By The Newsroom
Published 30th Sep 2011, 12:31 BST

More than 3.1 million account names with encrypted security questions, 2.9 million usernames, and nearly 90,000 account usernames with bank account details were stolen in an attack in March last year.

Betfair said it did not inform its registered customers of the attack as its security measures made the data unusable for fraudulent activity and it was able to recover the data intact.

Hide Ad
Hide Ad

A report commissioned into the theft was published on September 27 last year - six days after Betfair announced its intention to float on the London Stock Exchange.

Details of the attack come after Japanese computer games giant Sony revealed it had suffered two massive attacks on its Playstation network, in which the data of around 100 million users were stolen.

A Betfair spokesman said it decided not to disclose the attack on the advice of the UK’s Serious Organised Crime Agency, which suggested disclosure could have an impact on its investigation.

A review of security has been concluded since the attack, he added, and Betfair’s systems have been strengthened so they now conform with best practice guidelines on the protection of customer details.

He said: “We have subsequently implemented all of the recommendations from the independent reports we commissioned and have done everything we can to minimise the risk of this happening again.”