ICO fines online travel services firm £150,000 over exposed personal data

Hacker steals over a million credit and debit card records

The Information Commissioner's Office (ICO) has fined an online travel services company £150,000 over a serious breach of the Data Protection Act (DPA).

The company, Think W3 Limited, has been penalised for having poor security on one of its websites, which exposed over a million credit and debit card details to a malicious hacker.

Think W3 was hacked in December 2012 through the website of its subsidiary business, Essential Travel Ltd. The hacker was able to extract 1,163,996 credit and debit card records through the website, of which 430,599 were current details. The majority, 733,397, had expired.

The ICO found that card details had not been deleted since 2006, and that there had been no security checks or reviews since the system was initially installed.

Stephen Eckersley, head of enforcement at the ICO, said: "This was a staggering lapse that left more than a million holiday makers' sensitive personal details exposed to a malicious hacker.

"Data security should be a top priority for any business that operates online. Think W3 Limited accepted liability for failing to keep their customers' personal data secure; failing to test their security and failing to delete out-of-date information."

He added: "The public's awareness of the importance of data protection is rising all the time. Ignorance from data controllers is no excuse. They must take active steps to ensure the personal data they are responsible for is kept safe or face enforcement action and the resulting reputational damage."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Information Commissioner's Office

More about ICO

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Anh Nguyen

Latest Videos

More videos

Blog Posts