Tour operators

Hacker exposes data vulnerability in Thomas Cook Norwegian duty free site

Posted by Lee Hayhurst on
Hacker exposes data vulnerability in Thomas Cook Norwegian duty free site

Thomas Cook says it has taken steps to increase security after a hacker gain unauthorised access to customer data via a duty free shopping website in Norway .

The vulnerability was exposed by Norwegian security researcher Roy Solberg who posted a blog about his ability to hack into the website and access customer details.

Solberg said he did not download a lot of data because he did not want anyone to question his motives.

Cook said the details of only around 100 bookings were accessed although it was reported that records of hundreds of thousands of transactions were available dating back to 2013.

The firm also said the nature of the breach meant it did not meet the criteria by which the firm would automatically report it to the relevant authorities.

In a statement issued to Sky News after the vulnerability was exposed, Cook said: “We take any breach of our customer data extremely seriously.

“After being alerted to this unauthorised access to our online duty free shopping website in Norway, we closed the loophole and took responsible actions in line with the law.

“Based upon the evidence we have, and the limited volume and nature of the data that was accessed, our assessment is that this was not an incident which is required to be reported to the authorities.

“For the same reasons we have not contacted the customers affected.”

The firm added that since becoming aware of the incident it has taken steps to ensure there are no similar loopholes in its IT systems.

The UK’s data watchdog, the Information Commissioner’s Office (ICO), told Sky News that it would make further enquires about the breach as it did “raise some potential concerns”.

Comments

This is a community-moderated forum.
All post are the individual views of the respective commenter and are not the expressed views of Travolution.
By posting your comments you agree to accept our Terms & Conditions.