Here at Bingosupermarket we campaigned for online bingo operators to take the issue of players data being openly old sold seriously. It was our concern that extent of the content, which included players usernames and passwords as potential risk that could have resulted in members of the public having both their emails and banks accounts compromised. After the successful conviction of one of the culprits it seems that legal system is unable to send out the right message to what is clearly a lucrative crime that puts people at serious risk. Marc Ben-Ezra has been fined a measly £830 even though it made more than £25,000 from the repeated sale of player’s data.

Marc Ben-Ezra, who was a former worker within the gambling industry, has been given a three year conditional discharge and ordered to payback £1,700 to Cashcade Limited (company behind Foxy Bingo) and pay £830.80 in costs. He was charged with unlawfully obtaining and selling personal information relating to 65,000 bingo players and committing three offences under section 55 of the Data Protection Act. As Cashcade paid Ben-Ezra £1,700 for a copy of the list to verify what was actually on sale, the real punishment is just £830 a fraction of the cost that it will have actually cost to even investigate this matter by the various authorities involved alone bringing the matter to court.

In April we were offered the opportunity to buy player details of 3 million online gambling players from around 10 top brands. The details on Foxy Bingo players were that in depth (e.g. it wasn’t just email address) that we immediately contacted Foxy Bingo and the Information Commissioners Office (ICO). At the time it was our view that while we understood there was the intention to investigate the matter that the public should be made aware of the risks that they now faced. We witnessed the testing of sample lists which allowed access to players account under a number of different brands as most players used the same usernames and passwords for a variety of different accounts. An information expert had also told us at the time that there was a real risk that as people used the same names and passwords that you would be able to access players emails accounts for many players and also it would not be hard to gain access to their financial information.

It would also appear that while Cashcade have taken action against to bring this matter to court as their data had been abused more than most the other operators that were on these lists have not taken the matter as seriously. We were also offered 250,000 players data from Foxy Bingo, however the reports suggest authorities have only looked into the sale of 65,000 players data being sold. The other operators which we were offered players data for included, 888 Holdings, Betfred, Bo Dog, Casino Euro, Casino Club, French Casino, Full Tilt Euro, Ladbrokes, Gala Bingo, Mansion.

Cashcade Limited instructed an investigative services company to conduct a test purchase of the data – which contained over 65,000 Foxy Bingo customers’ personal details – and paid Mr Ben Ezra £1,700 cash for it. Cashcade Limited then handed this information to the ICO and co-operated fully with investigators to find out who was responsible.

Mr Ben-Ezra was exposed as the individual behind the offences in August 2011 when the ICO’s investigators traced the email address which was found to be registered to the business address of Mr Ben-Ezra’s father-in-law. After enquiries were made at that address, Mr Ben-Ezra contacted the ICO and during his meetings with officers co-operated fully and handed over the laptops containing the data.

Cashcade Limited believe that the acquired test data, which did not contain customers’ bank account details, was unlawfully obtained in 2008 and sold to Mr Ben-Ezra, who was working for a poker company in Israel at the time. Attempts by Cashcade to identify the perpetrators of the 2008 breach have so far been unsuccessful. Mr Ben-Ezra had originally claimed he had obtained the data from a former senior employee at Cashcade but this has since been ruled out. The data that was acquired contained customers’ names, addresses, email addresses, telephone numbers and usernames. Cashcade Limited has assured the ICO that no customer accounts were compromised.

It should be pointed out that Bingosupermarket was also offered for sale player’s data for Foxy Bingo that was as recent as January 2011 which suggests there maybe even more to this issue than is currently being reported. It is believed that it was Mr Ben- Ezra that was behind this correspondence using the name of Jack Mor. A number of sources within the online gambling industry that did not wished to be named, claim this was just the tip of the iceberg and the issue of illegally selling player’s data is massive. Ben-Ezra himself claimed in an interview under caution he admitted the offences and stated that the practice of buying and selling customer data was widespread during his time working in the gaming industry in Israel. He claimed that he had got involved in an attempt to pay off his own gambling debts.

During the investigations conducted by Cashcade customer details relating to 404 Gala Coral customers were sent by Ben-Ezra. The data controller at the Gala Coral Group has confirmed that they believe that the information was unlawfully obtained from their management information system.

Information Commissioner, Christopher Graham, commented:

“This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity. Mr Ben-Ezra sold people's personal details on an industrial scale, making in the region of £ 25 000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.

I am grateful to Cashcade Limited and Gala Coral for their work in exposing this unlawful practice. However, we still don't have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”

One of the difficulties regarding problems within the online gambling industry is that the conflict of interests with the media. Most media groups are associated with their own online gambling operations and do not want negative publicity about the industry to be published even where this is related to a competitive brand. As such there is little support for changes in legislation and members of the public are unlikely to be aware of the problems and risks that they face. It is very unlikely that there will be any further action taken in relation to this matter. Lets be honest if the fines had been a little bit more realistic, or there were a number of companies investigated and individuals prosecuted this could end up gaining some serious attention amongst the public and is likely to bring around a negative image on the industry as a whole. What is the point in investigating the matter to convict people when in the long run it could do more damage to your business??