Major AA data breach compromised personal details of 117,000 customers


The AA suffered a major data breach in April that compromised sensitive details of 117,000 customers, but it failed to notify those customers about the breach.

The AA initially maintained that the data breach compromised a few customer orders but that no sensitive information was leaked.

The AA has attributed the data breach to a server misconfiguration and said that the exposed information included orders for maps and other products from customers and other retailers from the company’s online shop. The AA is presently conducting an independent inquiry into the breach and has informed the Information Commissioner’s Office about it.

According to Edmund King, President of the AA, the investigation into the data breach was closed on April 25 after the vulnerability had been discovered and fixed. The company’s internal investigation also found that no sensitive data had been breached and that the affected backup files were only accessed a few times.

“We take any data issues incredibly seriously and would like to reassure our AA Shop customers that their payment details have not been compromised,” he said.

However, Troy Hunt, a security researcher who runs the popular website Have I Been Pwned, conducted his own investigation into the data breach. He found that the data contained as many as 117,000 email addresses, names, web addresses, credit card types, the final four digits of credit card numbers and expiry dates.

“I have confirmed with many Have I Been Pwned subscribers in the data and they have verified that it’s accurate. They’re customers of the AA and they never received a notification about the data exposure. At no point does their statement acknowledge the severity of the exposed data nor that they failed to notify customers when learning of the exposure,” Hunt told the BBC.

“Businesses and organisations are obliged by law to keep people’s personal information safe and secure. We are aware of an incident involving the AA and are making enquiries,” said a spokesperson from the Information Commissioner’s Office.

Copyright Lyonsdown Limited 2021
