iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Several media reports assumed that the number of exposed records equated to the number of affected individuals.
Melbourne-based travel agency Inspiring Vacations has released an update regarding the cyber incident it faced late last year, in which it left a database containing customer information exposed.
The company said that over the Christmas break, it conducted an in-depth forensic investigation to determine what information may have been accessed. It said that outside of alerting customers and the Office of the Australian Information Commissioner (OAIC), it remained quiet on the incident until the end of the investigation.
“We were determined to conduct a full and comprehensive investigation into these claims so that we could provide the best advice and guidance to those who were impacted,” said Inspiring Vacations managing director Paul Ryan.
“Finding out what happened and determining how to prevent reoccurrence has been of paramount importance since we were first made aware of the claims.”
“The completion of our investigation and the ability to provide the necessary precautionary steps for those people impacted is the result of painstaking work by many people within our organisation.”
The investigation found that an individual who had accessed the misconfigured AWS bucket downloaded a dataset that contained passport information, driver’s licenses, COVID-19 certificates, visas, and more.
The databases and folders were secured as soon as the company was notified of the incident. Inspiring Vacations can confirm that there has been no further access to its systems.
The investigation also found that the number of affected individuals was much lower than what many media outlets had reported, with several publications mistaking the cited 112,000 exposed records as equating individuals.
For example, one publication’s headline at the time of writing simply said, “Personal information of more than 112,000 people exposed in data breach”, a misinterpretation of yesterday’s (10 January) findings.
“Inspiring Vacations would like to clarify that the number of individuals at risk of data misuse is significantly smaller than suggested in a number of recent media reports,” the company wrote in a statement.
Inspiring Vacations added that those affected by the incident “have now been provided with specific details about the nature of data impacted and steps that can be taken to mitigate any risk presented”.
The OAIC has also been provided an update on the state of the investigation.
Inspiring Vacations, which originally contacted its customer bases regarding the incident in December last year, has apologised for the incident as well as any fear or worry the original notification may have caused.
“We are deeply sorry that this has happened and apologise for any concern or distress that our initial communications in December might have caused.
“We were determined to contact all potentially impacted people at the earliest opportunity, before investigations allowed us to engage directly with the group who face a risk of data misuse,” it said.
Be the first to hear the latest developments in the cyber industry.
