The credit and debit information of approximately 2.3 million customers of a gambling website were put at risk after site officials waited 18 months to report a security breach, Bank Info Security reports. Betfair fell victim to a hack between March and April of 2010, but the issue wasn't uncovered until this past May following a server crash. It's thought that cyber-attackers gained access to more than 3 million usernames with physical addresses associated with them - at least 90,000 of which contained bank account details. The site's officials stated that they kept the breach private because they believed no customer data had been harmed. However, experts believe the company was negligent. "This was nothing short of a clumsy cover-up," said Neal O'Farrell, founder of the Identity Theft Council, as quoted by the news source. Kevin Lee, CEO of payments security provider CRE Secure, adds that Betfair also appears to have neglected Payment Card Industry Data Security Standard regulations, as none of its users' card information was encrypted. Information Age notes that a large majority of the site's security personnel have left the company since the breach.