32Red Casino Technical Glitch Exposes Data of Around 118 Customers

Cards exposed, balances lost

A technical glitch on 32Red’s casino website, owned and operated by Kindred Group, has led to the exposure of personal and financial details of a number of customers.

account holder name, last four digits, and expiry details of other customers’ payment cards

UK-based gamblers who logged in to their 32Red accounts on the morning of February 18 reported seeing the data of other customers instead of their own. This included the account holder name, last four digits, and expiry details of other customers’ payment cards. Some users said the glitch also affected account finances, randomly reducing their wallet balances.

In a statement to Verdict, a Kindred spokesperson confirmed that the issue potentially affected 118 accounts, adding that it resulted from a “fault in a server that handles session information.” The company temporarily closed the site for maintenance last week to correct the issue and conduct an investigation.

A troubling customer experience

At the time of the data breach, some 32Red account holders took to Twitter to voice their concerns. One customer said he watched the money drain from his 32Red account before refreshing to see another person’s debit card listed. “The fact they haven’t alerted anyone is a bit of a bad move,” the Twitter user concluded.

one customer said he watched the money drain from his 32Red account before refreshing to see another person’s debit card

Similarly, another customer told Verdict that while playing roulette at 32Red casino, he saw his account balance reduce randomly. The user then found two other payment cards present on his account. Upon contact, the operator informed the customer that it was conducting a full investigation into the matter.

Despite customer reports of financial discrepancies, the operator insisted “there is no financial impact” to any 32Red user. It said it found no transactions to or from the incorrect payment cards. 32Red has reported the glitch to the Gibraltar Regulatory Authority and is currently contacting customers to correct account balances.

Although 32Red confirmed customers did not lose money in the breach, Jake Moore, a cybersecurity specialist, warned that the server error could still leave customers at risk. The employee of internet security firm ESET told Verdict: “Often people do not realize the significance of such stolen data.” He said that, if used with other breached information, it could “become a joining the dots exercise on the dark web and black markets.”

32Red and negative press

Online casino and sportsbook operator 32Red has been subject to negative press a number of times in recent years, and not just for technical glitches. Mainly, these controversies centered around a lack of responsible gambling efforts.

During the 2019/2020 English soccer season, the operator entered a sponsorship agreement with former England international player Wayne Rooney. The deal saw Rooney don the number 32 shirt when he joined Championship team Derby County for the season. The move prompted widespread criticism from mainstream media in the UK.

At the time, Kenny Alexander, former CEO of Entain, then known as GVC Holdings, described the deal as “a complete own goal.” He said it undermined the work of other UK operators driving towards responsible betting and those attempting to reduce the level of gambling sponsorship in sport.

32Red has also received a number of regulatory fines and warnings. In 2018, the operator footed a UK Gambling Commission fine of £2m ($2.8m) for failing to protect a customer from gambling-related harm. In addition, the company voluntarily paid almost £600,000 ($850,230) to a Northern Irish business in 2019 after a customer wagered stolen money on 32Red’s casino.

Latest posts