Betfair security chief departs after data breach exposed

The director of security at online betting exchange Betfair has left the company just days after an 18-month-old data breach at the company was reported in the press.

News emerged last week of a data breach in which millions of customers’ contact details and credit card numbers were stolen by hackers. The breach took place in May 2010, six months before Betfair launched on the London Stock Exchange.

The Daily Telegraph criticised the company for not disclosing details of the data breach to customers or potential investors. However, Betfair said it did not reveal the breach "because there was no risk to customers".

It emerged yesterday that Betfair’s security director Sean Catlett is leaving the company to work with a start-up company in the US. Betfair confirmed Catlett’s departure, but would not comment on the circumstances.

Before joining Betfair in October 2009, Catlett had been head of threat management at Barclays and a senior vice president at Bank of America.

The Telegraph reports that a wave of Betfair’s security personnel have left the company since the 2010 breach, with Marcus Pinto, head of application security, Stephen Kapp, an application security specialist, and Fiona Fryer, data protection manager, all leaving the company.

The departures are not limited to security personnel, with Betfair’s chief executive David Yu announcing his imminent departure in June this year. Last month, chairman Edward Wray told the annual meeting that he too would be stepping down.

There is no legal obligation for businesses to disclose data breaches, even if sensitive customer data is leaked. However, a spokesperson for the Information Commissioner’s Office told Information Age that the watchdog would "expect organisations to notify us of serious breaches which are high volume or of sensitive data".

Failure to do so would be taken into account when the ICO came to decide penalties for any breach of the Data Protection Act, they added.
