Paddy Power, the Irish bookmaker with betting shops in Ireland and the UK, recently informed 649,055 customers of a data breach which occurred in 2010.
Included within the datasets stolen from Paddy Power in 2010 were personnel data such as each individual customer's name, email address, residential address, phone number, date of birth and security prompted question and answer data. Following a report to Paddy Power that a Canadian resident was in possession of the stolen data, Paddy Power launched an investigation aided by the Ontario Provincial Police. With the aid of asset seizure warrants, Paddy Power was able to secure the removal of its customers personal data from the hacker's computers.
Under UK Data Protection Law, unlike in some other EU countries, the data controller is not obliged to report the loss of personnel data held. Nevertheless the Information Commissioner's Office believes serious breaches of data security should be brought to the attention of the office. It has therefore published a guidance on notifications of data security breaches.
No comments:
Post a Comment