Betfair is in for a rough ride over data theft

[Jeffrey Walton <noloader () gmail com>]

http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/8797993/Betfair-is-in-for-a-rough-ride-over-data-theft.html

Among 13 pages of risk factors was the generic heading: "Failure to
adequately protect customer account information could have a material
adverse effect on Betfair."
...

Nowhere did the prospectus – punted to investors by Goldman Sachs,
Morgan Stanley, Barclays Capital and Numis Securities – detail what
had really been going on lately with Betfair's renowned technology.
Namely, that a bunch of cyber-criminals, possibly originating in
Cambodia, had breached the company's security systems on March 14,
2010. They had subsequently stolen, among other things, 2.28m
"encrypted payment card account numbers and details", 3.16m "account
user names with encrypted security questions" and 89,744 "account
usernames with bank account details".

Indeed, a progress report marked "Betfair Critical Confidential" tells
how "the attacker did indeed manage to copy the entire Sportex
database" – the one that contains all cardholder details. The report
is dated September 27, 2010. That's just six days after the company
announced its "intention to list" – a statement containing Yu's
explanation of how "Betfair's unique and highly sophisticated exchange
platform technology is at the very heart of the company's success".
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/