http://www.independent.co.uk/news/business/news/betfair-kept-data-theft-under-wraps-2363527.html

Excerpt:

Online gambling firm Betfair admitted today it had not informed its customers that the details of millions of credit cards were stolen in a major cyber-attack 18 months ago.

More than 3.1 million account names with encrypted security questions, 2.9 million usernames, and nearly 90,000 account usernames with bank account details were stolen in an attack in March last year.

Betfair said it did not inform its registered customers of the attack as its security measures made the data unusable for fraudulent activity and it was able to recover the data intact.

I'd be pretty pissed off.

http://uk.finance.yahoo.com/news/Betfair-rough-ride-data-theft-tele-735625357.html?x=0&.v=1

Excerpt:

Nowhere did the prospectus punted to investors by Goldman Sachs (NYSE: GS - news) , Morgan (KOSDAQ: 019990.KQ - news) Stanley (Berlin: SYC.BE - news) , Barclays Capital and Numis Securities detail what had really been going on lately with Betfair's renowned technology.

Namely, that a bunch of cyber-criminals, possibly originating in Cambodia, had breached the company's security systems on March 14, 2010. They had subsequently stolen, among other things, 2.28m "encrypted payment card account numbers and details", 3.16m "account user names with encrypted security questions" and 89,744 "account usernames with bank account details".

Interesting to say the least. In this day and age, the attitude of Betfair is exactly the wrong one to take.

As usual, the salient details are not found in the press report.

Reading between the lines, my take away is there was at least one security audit (of the firewalls, general security processes and procedures, application protections, other areas, is not clear) where the findings were not acted upon.

On Thursday, in its first comments on the affair, Betfair insisted that the data were "unusable for fraudulent activity" and "there was no risk to customers".

They need to add to the quotation above: "in our opinion." When it comes to security, there are very few absolutes, especially, computer based.

shows the difference between industries


the PlayStation network was hacked a few months ago. I have a ps3 and you have to have a PlayStation network to do antyhing worth while like stream netflix or download movies/games from the internet on your hard drive.


they were hacked and not only did they tell us the second they knew, they gave updates on what was going on and what precautions we needed to take damn near everyday. took 3 weeks to fix the leak in the site and to get it back up

i wonder how happy keeneland an del mar were to see this the day after they signed through 2016? Does the LSE have the equivalent of the SEC? If I was a potential investor I would want this disclosed.

How gullible do these companies think the public really are?
They are even trying to PR spin this:

http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/8800322/Betfair-security-chief-Sean-Catlett-latest-high-profile-departure.html

"Sean Catlett, the director of group security, is expected to leave the company at the end of this month. His exit is known to have been in train for some time, with sources saying it was not related to the theft."

"A Betfair spokesman said: "Sean Catlett is taking on a great opportunity at a security start-up and we will be announcing his replacement in due course."
Mr Catlett is thought to have been in charge of the security team since just before the breach on March 14, 2010, since when there has been considerable upheaval within the department, with the departure of more than 20 security personnel."

Tell the honest truth for once and shame the devil :ThmbDown:

"One Betfair insider said that the departures meant that "almost all the senior security specialists who knew the systems best have now left".