Canadian so-called ‘Paddy Power hacker’ denies wrongdoing
Man accused of having database of customer information issues statement
The Canadian man accused by Paddy Power of being in possession of a massive database of its confidential customer information has issued a statement denying he was “the perpetrator of their breach.”
Paddy Power declined to comment on the statement to The Irish Times but acknowledged it was aware of its contents.
The Dublin-listed company has previously said no financial information or passwords were compromised in the 2010 hacking incident.
The office of the Data Protection Commissioner has said it is “disappointed” that Paddy Power did not report the major data security breach sooner.
In a statement issued this week Mr Ferguson explains the background to how he ended up owning a database of confidential information about 650,000 Irish and international clients of the bookmaker.
Mr Ferguson said he had decided to do so in order to “to set the record straight” after Paddy Power launched a civil suit against him in May and later in July executed a search and seizure order against him as “they were under the assumption I had in my possession a copy of a Paddy Power database that was hacked and stolen in 2010.”
“I cooperated with the authorities and Paddy Power litigation. I provided all help they needed to clear my name as the perpetrator of their breach,” Mr Ferguson said. The Canadian businessman admitted in December 2013 he purchased 40 files of data in order to target gamblers with a casino affiliate campaign.
“In that lot of data I had purchased was a copy of approximately 650K Paddy Power customers but I was unsure if the file had been doctored or not to make it appear like they were active gamblers,” he said.
Mr Ferguson claimed buying data in order to generate sales leads was normal in the online gambling industry.
“In the mainstream media, they’re writing without the facts. I see a lot of assumptions that the “Canadian hacker” is the culprit. This is not the case,” he said.
“I under no circumstance was involved or know anything about the security breach of 2010 that affected the customers of Paddy Power,” he added.
Mr Ferguson said he had “no malicious intent” in acquiring the data. “My only intent was to do what 1000?s of casino and sportsbook affiliates worldwide do and that was to market to the data. But based on the nature of the database I DID NOTHING with it,” he added.
“As of August 6th, I have been cleared of any claims as I have cooperated fully with Paddy Power and all authorities. They have all ascertained there is no way I hacked or had anything at all to do with their security breach in 2010,” his statement concluded.
Paddy Power declined to comment on whether it agreed with the claims made in Mr Ferguson’s statement. The Canadian businessman could not be contacted for further comment.