AA Traveller Website Hack
AA Traveller announced that a security incident on the AA Traveller website led to customer data being compromised. The now deprecated website allowed customers to make travel bookings, enter competitions, participate in surveys, and receive travel-related newsletters.
Affected customers received a notification from AA Traveller that explained that a website vulnerability allowed an unauthorised party to access information within their database.
The hack occurred in August 2021 and was only identified and confirmed in March 2022.
A recent Forbes article highlighted the high rate of known, fixable vulnerabilities with working exploits that are used by several criminal groups. Many high-profile breaches and attacks in 2021 were attributed to weaknesses such as exposed remote login or exposed data stores.
The compromised data included customer:
names
email addresses
passwords (created for the deprecated AA Traveller booking website)
addresses
phone numbers
AA Traveller apologised to customers after the breach and explained that the vulnerability has now been fixed. They also stated that they are working with the Office of the Privacy Commissioner cyber security advisors to investigate the security incident.
They asked customers to change their passwords wherever they had reused their AA Traveller website password, and to be vigilant for phishing emails or scam communications from organisations claiming to be AA Traveller. You can report any suspected fraudulent activity to the government cyber security watchdog, CERT NZ, here.
Website exposures can be easy to address. The challenge is limited visibility into your IT environment, which prevents organisations from detecting and mitigating exposures and risks rapidly. Take a look at our 7 top tips for small businesses.