Breach, Data Security

Racing Post website SQL injection attack compromises 677K accounts

The website of British racing and sports betting newspaper Racing Post was hit with a SQL injection attack in October 2013 that enabled an attacker to access a database of registered customers, according to a Thursday news release from the Information Commissioner's Office (ICO).

677,335 accounts were compromised, with information including names, addresses, dates of birth, phone numbers and passwords.

An ICO investigation revealed that Racing Post had not applied updated security patches following penetration testing on its website in 2007 and, additionally, there were issues with the way Racing Post stored the customer data, according to the release.

Racing Post will be adding routine security testing and policies for regular security updates, the release indicates, adding Racing Post dodged fines of up to half a million pounds because financial data was not stolen.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.