Ladbrokes Customer Data For Sale By "Mysterious Australian"
January 27, 2010 12:24 pmBritish based gambling company Ladbrokes, has confirmed that its private customer data base has been compromised and a “limited amount” of information stolen.
The news of the breech in security broke on Sunday, after UK newspaper the Daily Mail claimed it had been approached by a “mysterious Australian” who claimed to have worked for Ladbrokes in the past. Apparently, the man asserted he was a computer security expert and then offered to sell them 10,000 Ladbrokes customers details, which the newspaper claimed held “customers’ home addresses, details of their gambling history, customer account numbers, dates of birth, phone numbers and email addresses.”
Allegedly, the mysterious man said he was a representative of Australian IT company, DSS Enterprises, which is operated by Sri Lankan-born IT expert Dinitha Subasinghe. He called himself Daniel, used the e-mail address ‘theinsidescoopuk’ and said the information came to him by a ‘relatively junior’ member of staff who was looking for a buyer.
Following news of the investigation, Mr Subasinghe said: “I have no access to any Ladbrokes database or any other information. I provided analytical services to them for 18 months during 2007 and 2008. Unless my name, my signature, my fingerprint is on anything, it has nothing to do with me. I had a call from a senior person at Ladbrokes this morning. I did not take the call. I don’t know what they are ringing me about.”
As the Information Commissioner’s Office (ICO) continue with their investigation, Ladbrokes were quick to apologise for the incident and assure their 4.5 million customers with accounts that all measures were being taken to protect their customer’s personal information. Ladbrokes Head of Public Relations Ciaran O’Brien commented:
“This is a criminal act and we are working with the police, the Information Commissioner’s Office and the newspaper to identify and apprehend the culprit. Importantly, we do not believe that customer accounts or banking data can be accessed.”