To read the full report: Bet24 players victims of electronic data theft
SBR: When did it first become apparent that individuals were in possession of customer data, and how do we know that customers registered after fall of 2009 weren't effected?
Bet24: Very recently we have been informed by the police authorities, following an arrest on their side. We have also made us aware that several other companies have experience unlawful intrusions and data were found with the arrested persons. We have no information to indicate any unauthorised access to our database or breach of our security systems since December 2009, and we have no reason to believe that accounts registered after 31 October 2009 are affected in any way.
SBR: How is it estimated that clients who registered from April 2007-October 2009 were less impacted by the security hole?
Bet24: Customers who registered from April 2007—October 2009, the stolen information does NOT include any personal details or passwords and is NOT therefore sufficient to enable access to accounts. Furthermore, we are not aware of any instances of illegal access to these accounts. The encrypted payment card information has NOT to our knowledge been decrypted, and review by internet security specialists confirms that the level of encryption is very high. In addition, NO payment card security codes are stored on the BET24 database For customers with account registered as at 28th of April 2007 the stolen information contains BET24 account user ID numbers and BET24 account passwords. For this reason BET24 passwords for all customers who had registered accounts as at 28 April 2007 were reset during 2010. Furthermore we implemented a thorough security review in 2010, which included an audit by industry specialists and simulated hacker penetration tests, and we have further upgraded the security of our network.
SBR: Was this a team of hackers or did former employees have a hand in the electronic theft? Have any players reported having their balances stolen or lost by a third-party to date and if so what action was taken by Bet24?
Bet24: Only the police have this information and due to ongoing investigations they will not disclose. For customers with account registered as at 28th of April 2007 the stolen information is so far known to have been used to access a limited number of customers' BET24 accounts, third party accounts and personal email accounts. A small number of customers have alerted us to unauthorised activity on their BET24 accounts and we have fully reimbursed them for any financial loss incurred on their accounts
SBR: May I know the ballpark in Euros that was refunded to the Bet24 players who had their accounts illegally accessed?
Bet24: Unfortunately I can't comment on the level of compensation, but as stated at our site, it's a small number of customers who have alerted us to unauthorised activity on their BET24 accounts. LGA is fully informed about the case.