Original URL: http://www.theregister.co.uk/2010/01/25/ladbrokes_data_fail/

Ladbrokes, police probe data breach

Millions of customer profiles for sale

By John Oates

Posted in Security, 25th January 2010 12:19 GMT

Ladbrokes is investigating the loss of thousands of customer details from one of its databases, but is reassuring gamblers that the information did not include bank details or passwords.

The Mail on Sunday was approached by an Australian man named Daniel who claimed to have access to Ladbrokes' database of 4.5 million customers. Daniel gave the paper 10,000 customer files to show he was serious.

The man, who claimed to represent a Melbourne-based firm, said he had worked for Ladbrokes as a security consultant two years before. He said he'd been given the information by a relatively junior member of staff.

Ladbrokes said passing on the information was a criminal offence and it was working with police and the Information Commissioner's Office to identify the culprit.

Ladbrokes said: "We are in the process of contacting the limited number of customers affected by this incident to apologise and to reassure them that the data in question does not include passwords to access customer accounts or any customer banking details."

The Information Commissioner's Office thanked the paper for bringing the breach to its attention. The ICO said the story showed the need for prison sentences for those convicted of trading in private data. ®