Ex-poker employee guilty of selling 65,000 bingo players' details
Buying and selling customer data was widespread during his time working in Israel, says industry worker found guilty under Data Protection Act today.
An egaming industry worker was found guilty today of illegally obtaining and selling the personal data of 65,000 Foxy Bingo players.
Marc Ben-Ezra of Finchley was found guilty of committing three offences under section 55 of the Data Protection Act at Hendon Magistrates Court and given a three year conditional discharge and ordered to pay £1,700 to Foxy Bingo operator Cashcade as well as £830.80 costs. The offences also related to obtaining and selling the details of 404 Gala Coral customers from 2008.
Information Commissioner Christopher Graham, representing the UK’s independent authority set up to uphold information rights in the public interest, the Information Commissioner’s Office (ICO) said:
“Mr Ben-Ezra sold people’s personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.
“I am grateful to Cashcade Limited and Gala Coral for their work in exposing this unlawful practice. However, we still don’t have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”
The offences were uncovered in May this year when Cashcade became aware of emails containing sample data of 400 Foxy Bingo customers being sent by Ben-Ezra to his industry contacts under the pseudonym Malcolm Edwards.
The bwin.party-owned bingo business then instructed an investigative services company to test purchase the data, which contained over 65,000 Foxy Bingo customers’ personal details, for which Ben-Ezra received £1,700 in cash. Cashcade then handed this data to the Information Commissioner’s Office.
Cashcade said it believed the test data, which contained customers’ names, addresses, email addresses, telephone numbers and usernames, but not bank account details, had been unlawfully obtained in 2008 and sold to Ben-Ezra, who was working for an poker company in Israel at the time.
Ben-Ezra was exposed as the individual behind the offences in August 2011 when the ICO’s investigators traced the email address to the business address of Mr Ben-Ezra’s father-in-law. During a subsequent interview under caution he admitted the offences and stated that the practice of buying and selling customer data was widespread during his time working in the industry in Israel. He told officers that upon moving to London, he sold the data to pay off his gambling debts.
Cashcade said it had as yet been unable to identify the other perpetrators of the 2008 breach, ultimately responsible for passing the customer details onto Ben-Ezra, but said it had taken “remedial action” to prevent a recurrence.
The email sent to the investigative services company by Ben-Ezra also included details of 404 Gala Coral customers from 2008. Gala Coral Group confirmed it believed the information had been unlawfully obtained from their management information system.