Malta-based BET24.com in belated warning of security breach

BET24.com said that the security breach related specifically to customers registered before October 31st 2009.

The company was informed by police authorities following the arrest of third party individuals who were in possession of unauthorised copies of personal customer information relating to various companies including BET24.com.

BEt24.com said that its customer information was stolen from the company by means of an illegal electronic access to its database, which is believed to have taken place in December 2009.

For customer with accounts registered as at April 28th 2007, BET24.com said that the stolen information comprises a list of customer names, postal addresses, email addresses, dates of birth, BET24 account user names, BET24 account user ID numbers, BET24 account passwords and BET24 account balances, and, in some cases, telephone numbers and IP addresses.

The stolen information also comprises a second separate list of BET24 account user ID numbers, BET24 account balances and parameters, customer payment card expiry dates, encrypted customer payment card numbers and encoded customer payment card types.

The company said however that encrypted payment card information has not to its knowledge been decrypted, and a review undertaken by internet security specialists has confirmed that the level of encryption is very high.

In addition, no payment card security codes are stored on the BET24 database. The stolen information is so far known to have been used to access a limited number of customers’ BET24 accounts, third party accounts and personal email accounts.

BET24.com said that a small number of customers have alerted the company to unauthorised activity on their accounts, with BET24.com fully reimbursing them for any financial loss incurred on their accounts.
 For customer with accounts registered between April 28th 2008 and October 31st 2009, the stolen information is more limited and comprises a list of BET24 account user ID numbers, BET24 account balances and parameters, customer payment card expiry dates, encrypted customer payment card numbers and encoded customer payment card types.

This stolen information does not include any personal details or passwords and is not therefore sufficient to enable access to accounts.

Thomas Petersen, CEO of BET24.com said that the company is working closely with the police authorities to establish how the information was stolen, how it has been used, and which customers are affected.

“We implemented a thorough security review in 2010, which included an audit by industry specialists and simulated hacker penetration tests, and we have further upgraded the security of our network,” said Petersen. “The BET24 passwords for all customers who had registered accounts as at 28 April 2007 were reset during 2010. We continue to monitor our systems and customer transactions constantly, and to upgrade our systems regularly.

“Our customers are our number one priority and the security of your personal information is of paramount importance to us.”

BET24.com added that there was no information to indicate that any unauthorised access to its database or breach of its security systems has occurred since December 2009, with no reason to believe that accounts registered after October 31st 2009 are affected in any way.

Modern Times Group MTG AB, a leading international entertainment broadcasting group which includes Viasat Broadcasting, has been the major shareholder of Bet24 since March 2006, owning 90 per cent of the company.