Almost five weeks after the British Columbia Lottery Corporation (BCLC) revoked public access to its newly opened online gaming site PlayNow.com following the discovery of a technical glitch which allowed accounts to be viewed by other players, the BCLC said Thursday that it was ready for the planned re-launch of the site after the completion of an independent review by Deloitte.
BCLC shut down PlayNow.com on July 15th after a data crossover impacted 134 player accounts. Of these accounts, twelve had a measure of personal information viewed by another player. A four-part external review and regulatory approval process was initiated on July 27th.
In a letter to BCLC’s President and CEO Michael Graydon yesterday, British Columbia’s assistant deputy minister Derek Sturko said that the technical review of the PlayNow.com incident and remediation activities was now complete. This included the work undertaken by staff of the BCLC, testing of the issue and the Corporation’s remediation efforts by Technical Systems Testing (TST), and Deloitte Canada’s completion of phase one of its review of the PlayNow.com system.
In the same letter, Sturko said that Deloitte has confirmed it is confident that the root cause for the ‘data crossover’ between account users has been correctly identified and the remediation plan effectively resolves this issue.
BCLC’s regulator, British Columbia’s Gaming Policy and Enforcement Branch (GPEB), provided oversight of all this activity and worked in cooperation with the Office of Information and Privacy Commission (OIPC), Sturko said.
Sturko added that GPEB would initiate and oversee post-launch activities, in cooperation with the OIPC, with an information systems security audit to verify that the overall PlayNow.com network architecture and all related components have been implemented with appropriate levels of security and stability, while phase two of Deloitte’s review with focus on IT general controls including policies and procedures used to implement PlayNow.com casino games.
BCLC explained that the root cause of the glitch was a default configuration setting designed and packaged by the server software provider which “created a vulnerability within the server environment allowing the incorrect assignment of user information.”
This issue, in combination with website performance issues and the server handling of traffic loads, caused the data crossover. BCLC said that once the root cause was determined, technical experts quickly identified and thoroughly tested a solution that successfully prevented the data crossover.
As a result of all of the reviews and activities, including the results of TST’s independent testing of the PlayNow.com platform and games, GPEB approved the re-launch of the PlayNow.com website.
BCLC has brought the site back online today and BC residents are now able to register and claim a generous sign-up bonus.
Graydon had said that shutting down the site had cost the BCLC a staggering estimated $150,000 a day in lost revenues.