AA Exposed Emails, Credit Card Data, But Didn’t Tell Customers

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

AA exposed emails, credit card data, but didn’t tell customers, Ilia Kolochenko, CEO at High-Tech Bridge commented below.

Ilia Kolochenko, CEO at High-Tech Bridge:

“At the moment, I would abstain from blaming anyone for the incident. Many important technical details are not clear yet, moreover some claims are contradictory.

A verified journalistic source says that the database, and apparently AA’s entire web shop, were recently accessed by several unauthorized third-parties. Cybercriminals could easily be among them, meaning that we should be prepared that the entire 100k database is breached and will be for sale on the Dark Web soon. However, I would avoid any panic until a first confirmed incident, involving records from the breached database, appears. In any case, victims of the breach are better to cancel their credit cards and change all their passwords if they had same or similar ones for all the accounts.

Allegations about the deliberate concealment of the data breach by the AA – seem to be highly unlikely for the moment.  We can probably speak about a negligent, and thus incomplete, investigation, but nothing more so far. Hopefully, the AA can clarify the situation and dispel all doubts shortly.”

http://www.informationsecuritybuzz.com/expert-comments/aa-exposed-emails-credit-card-data-didnt-tell-customers/

Tagged