DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Gambling worker guilty of selling 65,000 bingo players’ details

Posted on November 10, 2011 by Dissent

A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has been found guilty of committing three offences under section 55 of the Data Protection Act.

Marc Ben-Ezra, of Finchley, was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Limited as well as £830.80 costs at Hendon Magistrates Court today.

Information Commissioner, Christopher Graham, said:

“This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity. Mr Ben-Ezra sold people’s personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.

“I am grateful to Cashcade Limited and Gala Coral for their work in exposing this unlawful practice. However, we still don’t have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”

The offences were first uncovered in May 2011 when Mr Ben-Ezra sent a series of emails to a number of contacts within the UK gaming industry offering customer data for sale. The emails were sent under the pseudonym Malcolm Edwards and contained a sample data set relating to 400 Foxy Bingo customers.

Cashcade Limited, which provides marketing services for the Foxy Bingo brand and is the data controller for its customer information, was concerned and wanted to know how its customer data had been obtained. The company instructed an investigative services company to conduct a test purchase of the data – which contained over 65,000 Foxy Bingo customers’ personal details – and paid Mr Ben Ezra £1,700 cash for it. Cashcade Limited then handed this information to the ICO and co-operated fully with investigators to find out who was responsible.

Cashcade Limited believe that the acquired test data, which did not contain customers’ bank account details, was unlawfully obtained in 2008 and sold to Mr Ben-Ezra, who was working for a poker company in Israel at the time. Attempts by Cashcade to identify the perpetrators of the 2008 breach have so far been unsuccessful but remedial action to prevent a recurrence has been taken. The company is continuing to pursue the other perpetrators.

The data that was acquired contained customers’ names, addresses, email addresses, telephone numbers and usernames. Cashcade Limited has assured the ICO that no customer accounts were compromised.

The email sent to the investigative services company by Mr Ben-Ezra also included customer information relating to 404 Gala Coral customers from 2008. The data controller – Gala Coral Group – has confirmed that they believe that the information was unlawfully obtained from their management information system.

Mr Ben-Ezra was exposed as the individual behind the offences in August 2011 when the ICO’s investigators traced the email address which was found to be registered to the business address of Mr Ben-Ezra’s father-in-law. After enquiries were made at that address, Mr Ben-Ezra contacted the ICO and during his meetings with officers co-operated fully and handed over the laptops containing the data. During an interview under caution he admitted the offences and stated that the practice of buying and selling customer data was widespread during his time working in the gaming industry in Israel. He told officers that he kept the data which he had obtained whilst in Israel and, on moving to London, he sold it as a way of paying off his gambling debts.

The ICO has not received any complaints from the customers on the lists. Foxy Bingo and Gala Bingo have proactively contacted affected customers to assure them that their account information is secure.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a financial penalty of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

Source: Information Commissioner’s Office

Related posts:

  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: Breach IncidentsBusiness SectorInsiderNon-U.S.

Post navigation

← Fr: Activists hack ruling party’s phone numbers
Lockheed Martin opens branch at No 53 Wentworth Avenue in Kingston →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.