Major AA data breach compromised personal details of 117,000 customers

The AA suffered a major data breach in April that compromised sensitive details of 117,000 customers, and it failed to notify those customers about the breach.

AA initially maintained that the data breach compromised a few orders from customers but that no sensitive information was leaked.

The AA has attributed the data breach to a server misconfiguration and said that the breached information included orders for maps and other products from customers and other retailers from the company's online shop. AA is presently conducting an independent inquiry into the breach and has informed the Information Commissioner's Office about it.

According to Edmund King, the President at AA, the investigation into the data breach was closed on April 25 after the vulnerability had been discovered and fixed. The company's internal investigation also found that no sensitive data had been breached and that the affected backup files were only accessed a few times.

"We take any data issues incredibly seriously and would like to reassure our AA Shop customers that their payment details have not been compromised," he said.

However, Troy Hunt, a security researcher who runs a popular website named Have I Been Pwned, conducted his own investigation into the data breach. He found that the data contained as many as 117,000 email addresses, names, web addresses, credit card types, final four digits of credit card numbers and expiry dates.

"I have confirmed with many Have I Been Pwned subscribers in the data and they have verified that it's accurate. They're customers of the AA and they never received a notification about the data exposure. At no point does their statement acknowledge the severity of the exposed data nor that they failed to notify customers when learning of the exposure," Hunt told the BBC.

“Businesses and organisations are obliged by law to keep people’s personal information safe and secure. We are aware of an incident involving the AA and are making enquiries,” said a spokesperson from the Information Commissioner's Office.

Copyright Lyonsdown Limited 2020
