As reported previously, Betfair admitted that data on more than three million of its customers – including 2.9 user names and almost 90,000 bank account details – was hacked by cybercriminals, possibly from Cambodia.
The revelation came to light late last week as the betting exchange said it did not disclose in last year’s flotation prospectus the details of attack on customers’ payment card details.
Betfair - which claims to process five million transactions a day - did not inform its customers about the theft, which it said was of no fraudulent use to the cybercriminals because of encryption and which was recovered intact. It also says it informed the Serious Organised Crime Agency of the attack.
According to Information Age, Sean Catlett - Betfair's security director - left the betting exchange to work at a start-up company in the US. Prior to joining Betfair in October of 2009, the IT newswire says that Catlett had been head of threat management at Barclays and a senior vice president at Bank of America.
The Daily Telegraph, meanwhile - and which broke the Betfair story late last week – has reported that Catlett is the latest security professional to leave the company since the data breach last year, with the exchange's head of application security, an application security specialist and data protection manager all having left the business.
Back at Information Age, meanwhile, and there are hints that the Information Commissioner's Office may yet take action against Betfair, as the newswire quotes the ICO as saying that a failure to notify its office of a data breach “would be taken into account when the ICO came to decide penalties for any breach of the Data Protection Act.”