AA Traveller apologises after massive data breach

AA Traveller says a data breach has affected hundreds of thousands of customers.

Hacker using laptop. Lots of digits on the computer screen.

Photo: 123RF

Hackers have taken names, addresses, contact details and expired credit card numbers from the AA Traveller website used between 2003 and 2018.

AA travel and tourism general manager Greg Leighton said the data was taken in August last year and AA Traveller found out in March.

He said a lot of the data was not needed anymore, so it should have been deleted, and the breach “could have been prevented”.

“You should be able to give your data and for that to be secure. We understand that and respect that and are incredibly sorry.”

Leighton said cybersecurity experts reviewed the breach and “interpreted that the vulnerability definitely was there” and “there was some data that was extracted from the server”.

He said the site was then secured “to ensure there’s no further risk or vulnerability to individuals concerned.”

AA Traveller is contacting all affected customers this week.

The association also identified in 2010 that nearly 30,000 people who took an online AA Travel New Zealand survey were at risk of being hacked by an overseas account.

Users were all sent an email informing them and telling them to change their password.

Leighton said today: “These characters [hackers] are always looking for access points. It’s just one of those things that occur. And it’s very frustrating.

“But we should not have this happen. We’re constantly looking at our security settings. We’ve certainly learned a great deal from this.”

The AA is now checking technology for “vulnerabilities” and ensuring data “is basically eliminated, where it’s no longer required”.

Leighton said it was unclear where the hackers were based.

AA Traveller is working with the Office of the Privacy Commissioner.

0 Shares:
Leave a Reply

Your email address will not be published.

You May Also Like