According to the Daily Telegraph, the company disclosed in an internal report that between 28 March 2010 and 9 April 2010, cyber criminals stole 3.15 million account usernames with encrypted security questions, 2.9 million usernames with one or more addresses and 89,744 account usernames with bank account details.

Customer accounts that existed at 1 February 2010 were affected, yet Betfair made no move to inform customers of the breach because it decided that there was "no risk to customers".

"Eighteen months ago we were subject to an attempted data theft. Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact.

"At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers," the company said in a statement.

The authorities that Betfair was forced to inform included the UK Serious Organised Crime Agency (SOCA), the German law enforcement agencies, and the Australian Federal Police. It also notified the Royal Bank of Scotland, which was responsible for accepting card payments made via Betfair.