Teletext Holidays Data Breach Exposes 212,000 Customer Call Recordings

It has been reported that British travel company Teletext Holidays has suffered a data breach in which some 212,000 customer call audio files were left unprotected on an online server for three years, exposing customer names, email addresses, home addresses, phone numbers and dates of birth. Verdict discovered the files – which have since been removed – on an unsecured Amazon Web Services server. The calls took place between the 10 April 2016 and 10 August 2016. They range from a few minutes to up to an hour and, based on accents, appear to involve UK customers.


EXPERTS COMMENTS
Richard Walters, CTO ,  Censornet
September 05, 2019
With the proliferation of organisations using cloud services like AWS, those responsible for locking down data need.
The news that Teletext Holidays left the recorded telephone calls of over 200,000 customers exposed online for over three years provides yet another example of the security issues that misconfiguration of the cloud can cause for businesses. To make matters even worse, some of the stored calls also had accompanying transcripts, making life even easier for criminals searching for the personal de ....
[Read More >>]
Stuart Reed, VP ,  Nominet
September 04, 2019
Teletext have put the names, email addresses, home addresses, phone numbers and dates of birth of more than 200,000 customers at risk.
The use of cloud services such as Amazon Web Services have become ubiquitous in recent years, and organisations - such as Teletext Holidays - are much more comfortable trusting sensitive data to the cloud. In fact, our own research has found that 61 percent of security professionals believe the risk of a security breach is the same or lower in cloud environments compared to on-premise. However, Te ....
[Read More >>]
Malcolm Taylor, Director of Cyber Advisory,  ITC Secure
September 02, 2019
It is also a treasure trove for anyone who wants to build more sophisticated and damaging attacks.
Aside from the painfully obvious “please don’t store unencrypted data in unencrypted data stores and be at all surprised when it leaks”, this makes the point very well that the actual medium in which data is stored is irrelevant; the fact that these were voice files makes no difference to the value of the data to hackers. It all has a dollar value and is saleable online (and will be for sale ....
[Read More >>]
Robert Ramsden Board, VP EMEA ,  Securonix
September 02, 2019
The lack of cyber hygiene demonstrated here tells us a lot about current cyber security culture and organisations.
Data breaches involving personally Identifiable Information (PII) provide cybercriminals with a treasure trove of information that could be used to carry out identity fraud, phishing or targeted email attacks. The lack of cyber hygiene demonstrated here tells us a lot about current cyber security culture and organisations need to make sure that any sensitive data is stored on secure servers. ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article