Thomas Cook admits data breach - TravelMole


Thomas Cook admits data breach

Wednesday, 10 Jul, 2018 0

Thomas Cook has suffered a data breach which exposed the names, email addresses, and flight details of customers.

Blogger Roy Solberg, a Norwegian security researcher accessed the customer data through vulnerabilities, which he has since reported, according to Sky News.

Thomas Cook said the gaps in its security have since been plugged. It said Solberg was the only person to exploit the security issue and that fewer than 100 bookings were accessed.

It is understood that Thomas Cook decided during an internal assessment that there was no need to report the incident to the data protection authority due to the nature of the data that was accessed.

However, Solberg has claimed in his blog that the details of tens of thousands of bookings dating back to 2013 were available to hackers. He said he the breach had occurred on Thomas Cook’s Norwegian site airshoppen, where customers can buy upgrades and duty-free items.

In his blog post, Solberg said: "I never download a lot of data as I don’t want anyone to question my motives, but I do like to get an idea of the scope of a data leak, so I did a few tests to see if I could see how many bookings this was affecting."

In a statement, Thomas Cook told Sky News: "We take any breach of our customer data extremely seriously.

"After being alerted to this unauthorised access to our online duty free shopping website in Norway, we closed the loophole and took responsible actions in line with the law.

"Based upon the evidence we have, and the limited volume and nature of the data that was accessed, our assessment is that this was not an incident which is required to be reported to the authorities.

"For the same reasons we have not contacted the customers affected."

Thomas Cook added: "We regularly test our systems using third party agents and since becoming aware of this incident we have taken further steps across our IT systems to ensure that we don’t have a similar loophole elsewhere."

It said no UK customers were affected by the breach. A spokesman confirmed additional security measures had been put in place.

A spokesperson for the UK’s data watchdog, the Information Commissioner’s Office (ICO), told Sky News: "An organisation must assess if a breach should be reported to the ICO. However, this story does raise some potential concerns and we will be making further enquiries.



 

profileimage

Linsey McNeill

Editor Linsey McNeill has been writing about travel for more than three decades. Bylines include The Times, Telegraph, Observer, Guardian and Which? plus the South China Morning Post. She also shares insider tips on thetraveljournalist.co.uk



Most Read

Mark Jaronski of Explore Georgia on FIFA World Cup 2026

Connecting Small Businesses to Global Tourism Markets: Nate Huff of Tourism Exchange

North Carolina’s Resilience: Wit Tuttell on Recovery and Tourism

Kittipong Prapattong’s Plan for Thailand’s Tourism Growth: Taxes, Visas, and Campaigns

James Jin: Didatravel’s Journey from China to Global Reach and the Impact of AI on Travel

Darien Schaefer on Pensacola’s Evolution: From Small Town to Global Destination

Florida Tourism’s Next Frontier: Dana Young on Expanding Beyond the Classics

Patrick Harrison on Tampa Bay Tourism’s Resilience and Marketing Strategy

Bubba O’Keefe on Clarksdale’s Vibrant Music Scene

Commemorating Elvis and Embracing Tupelo’s Culture with Jennie Bradford Curlee

Craig Ray and the Expansion of the Blues Trail

Presenting Mississippi’s Cultural Trails with Katie Coats
TRAINING & COMPETITION

Our emails to you has bounced travelmole.com Or You can change your email from your profile Setting Section

Your region selection will be saved in your cookie for future visits. Please enable your cookie for TravelMole.com so this dialog box will not come up again.

Price Based Country test mode enabled for testing United States (US). You should do tests on private browsing mode. Browse in private with Firefox, Chrome and Safari