Betfair, the world’s largest online betting company, has named Cambodia as the possible origin of a cyber attack in which payment information from 2.3 million users was stolen.

Cambodia was the only country that had been identified by Betfair, which is based in Britain, in connection with the security breach on March 14 last year, company spokesman Jonathan Lates said yesterday.

The attack was detected in May of last year, although users were not informed of the theft nor was the security breach mentioned in a pros-pectus before the company’s 1.39 bill-ion pound (US$2.17 billion) initial public offering last October, according to English newspaper the Telegraph.

When reached by phone yesterday,  officials at the National Information Communications Technology Development Authority were unaware the Kingdom had been named in the company’s report.

A proxy attack via a Cambodian server might have led Betfair to believe the  attack had originated in the Kingdom, Cambodia-based information security consultant Bernard Alphonso said yesterday.

Computers in the Kingdom’s hundreds of internet cafes were highly infected with viruses and pirated software use was endemic, making it easy to launch attacks that originated in other countries but appeared to come from Cambodia, Alphonso said.

“Many computers here are infected and can be easily manipulated without the user knowing,” he said, adding that a general lack of internet security awareness among companies, the government and personal users made Cambodia a possible host, and target, of cyber crime.

Betfair’s claims come after the Post reported that 60 Chinese and Taiwanese nationals had been arrested in Cambodia last week over telephone scam allegations.