Malta-based Betfair accused of keeping massive card data theft quiet
Malta-based Betfair failed to inform over two million customers that their card details were stolen in a cyber-attack 18 months ago.
The online bookmaker is also being accused of omitting to mention the breach in its listings prospectus ahead of a flotation next month.
According to an internal report obtained by the Daily Telegraph, it appears that in March and April last year hackers - thought to be from Cambodia - infiltrated the gambling site's systems and stole the payment card details of around 2.3 million customers. In addition, 3.15 million usernames with encrypted security questions, 2.9 million usernames with addresses and 90,000 usernames with bank account details were taken.
The security breach was not discovered until last May when a server crashed at the company's data centre in Malta.
Betfair informed the UK Serious Organised Crime Agency (Soca), law enforcement agencies in Australia and Germany and the Royal Bank of Scotland, which processes payments for the company.
However, customers were not told, a decision taken on the advice of Soca, says the firm. Nor was the breach mentioned in Betfair's prospectus for its exchange listing, which went ahead in October, just weeks after the internal report was completed.
Betfair now says the data "was unusable for fraudulent activity" and that its systems have been strengthened to guard against future attacks.