Avoid Taking Gambles with Data Security

The Irish-based gambling firm Paddy Power announced on 31 July that they suffered a data breach in 2010, resulting in hackers plundering the personal details of 649,000 customers.

While no credit card data was stolen, the infiltrators made off with personal information of Paddy Power customers, including their names, addresses, and dates of birth.

According to public reports, Paddy Power reacted to the breach in 2010 by upgrading its technology infrastructure, however by then the damage had been done; Paddy Power not only had to pay large fees to clean up the proverbial personal information oil spill, but is now faced with the prospect of reputational damage. Even for their clientele who are some of the biggest risk takers, the idea of having their personal information stolen is enough to make many people fold.

Beyond the data breach itself, the obvious problem here is the 4 years it took for affected customers to be notified. Even the Irish government has expressed disappointment in Paddy Power for taking such a long amount of time. Based on this, many will be watching to see what flow-on effects may occur in relation to Ireland’s Data Protection rules.

The incident is a stark reminder for businesses across Ireland, the UK and broader Europe that hacking is a growing profession and European companies are a ripe target. Hacking offers large potential gains and as the ease at which stolen data can be acquired only continues to increase, so grows the risk of suffering a data breach. A recent study shows that data breaches pose a greater risk than ever before, and for good reason.

Personal information is worth more than you would think on the black market; even a single paired name and a date of birth can be sold for $11, and a royal straight flush of personal information, also known as a Fullz, is worth up to $40 per record. If the hackers who infiltrated Paddy Power’s network ever sold all 649,000 of the personal information they stole, they would be making more money than most of the people who win in one of Paddy Power’s lotteries.

The key message here is that when it comes to data security, reaction is pointless; proaction is the only way to keep sensitive data safe. Ground Labs has built its technologies around this thinking, to help prevent the unfortunate scenario of suffering a data breach from happening to any businesses dealing with sensitive customer data.

The approach is simple: If you know where your sensitive customer data is, only then can you take steps to secure it using encryption, tokenization, or the best protection of all: Deletion. Like with many organisations who use our products come to learn, the biggest threat isn’t the data storage you already know about, it’s the vast amounts of customer information you don’t know about which don’t have any security controls around. The best course of action is to delete it, because Hackers can’t steal what’s not there.

The tool we offer to help identify and secure sensitive customer information is Data Recon. Data Recon enables companies to search their systems for sensitive data such as names, addresses, passport numbers, and more, and then take actions to secure that data.

Once the data is found, you can choose to permanently delete it, encrypt it, quarantine it or even mask cardholder data if you find it.

It’s a simple way to keep from being the next privacy data breach headline because after all, hackers can’t steal what isn’t there.

Read more about our Data Recon and other data discovery tools on our website here.