Irish bookmaker Paddy Power is notifying 649,055 customers that their data was stolen in a breach dating back to 2010.
The compromised data included names, usernames, addresses, email addresses, phone numbers, dates of birth, and prompted questions and answers, according to a Thursday notification, which adds that accounts created after 2010 were not impacted.
Paddy Power detected an attempted breach in 2010 – an investigation revealed that no financial information and customer passwords were accessed, but the company suspected that some other data could have been compromised.
Paddy Power learned in May that an individual in Canada was in possession of company data, which, following a forensic investigation, was determined to be the information compromised in the 2010 attack on Paddy Power's IT systems.