On Monday, sportsbetting, casino and poker operator Bet24 issued a notice to its customers that it had been the victim of an online security breach dating back to December 2009. The Malta-licensed operator, owned by entertainment broadcaster Modern Times Group, claims that police had informed them of the arrest of individuals found to be in possession of “unauthorized copies of personal customer information” obtained “by means of illegal electronic access to [Bet24’s] database, which is believed to have taken place in December 2009.”
Bet24 claims to have no info indicating any unauthorized access to their database since that date, and that accounts registered after Oct. 31, 2009 are not believed to have been affected. However, for customers who held accounts prior to that date, info including customer names, postal addresses, email addresses, dates of birth, Bet24 account user names, Bet24 account user ID numbers, Bet24 account passwords, Bet24 account balances, and, in some cases, telephone numbers and IP addresses, may have been compromised. (Read the full Bet24 security info notice.)
To date, Bet24 claims that a “small number” of its customers have reported unauthorized activity on their Bet24 accounts, but that these customers have been fully reimbursed for any financial losses incurred on their accounts. To Bet24’s knowledge, no encrypted payment card info has yet been decrypted. Bet24 says it is working with the police to determine the true scope of the problem, including how the breach occurred and how the purloined info is being used. Bet24 also sought to reassure its customers that it conducted a “thorough security review” last year, and completed further upgrades to its network security.
All well and good, but the question most Bet24 customers will likely be asking is, if Bet24 was aware that it had been hacked in Dec. 2009, why did it take 19 months for them to inform players?