Privacy Ninja

Privacy Protection Agency Seizes Servers of Hacked Travel Company

Privacy Protection Agency Seizes Servers of Hacked Travel Company

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.

At least 10 websites managed by Gol Tours LTD in Israel have been been shut down following a notification from the agency about fixing the security vulnerabilities that allowed hackers to steal personal information and credit card data belonging to customers.

Iranian group attribution

On Thursday, Israel’s The Privacy Protection Authority on Thursday confirmed the cyberattack, which is believed to be the work of an Iranian threat actor, The Times of Israel reports.

Also Read: Intrusion Into Privacy All About Law And Legal Definition

According to the publication, the agency contacted Gol Tours immediately after the hack and asked to address the security flaws the hackers exploited in the incident.

“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations” – Israel’s Privacy Protection Authority

Ram Levi, the CEO of Konfidas, a cyber and crisis management company, said that the hackers are an Iranian group called Sharp Boys.

Cyberattack on Israeli travel sites attributed to Sharp Boys Iranian hackers
Cyberattack attributed to Sharp Boys source: Ram Levi

The Privacy Protection Authority seizing servers of a company that had been victim of a cyberattack is a first in Israel. Levi notes that the websites have been shut down and the agency is examining the systems as part of its investigation.

The owner of Gol Tours said that the hackers only stole names and phone numbers for the websites’ databases and that the agency’s accusations of refusing to improve security were wrong.

“I never said I wouldn’t upgrade [security] because it would cost me money, never,” Gol Tours said, adding that “the authority had sent us a faulty document and didn’t respond to our messages.”

Sharp Boys data leaks

On their website, the Sharp Boys gang describes itself as “an independent hacker group.” They announced the hack on June 11, saying that they had stolen databases containing names, phone numbers, email addresses, credit card data, passport numbers, and customers’ travel history.

Also Read: New Data Protection Laws Australia: How Implementation Works

Sharp Boys announcement on hacking multiple Israeli travel sites
Sharp Boys claiming hacks of Israeli travel sites – source: BleepingComputer

The list above published by the threat actor includes the same websites that have been reported to be shut down by Israel’s The Privacy Protection Authority.

In the next few days after announcing the hack, Sharp Boys leaked 300,000 records of customer data.

The gang also shared a screenshot from a remote desktop connection showing that they had access to more than two dozen domains allegedly owned by Gol Tours.

BleepingComputer checked the registration information for several of them and found that they were operated by Gol Tours LTD and had a contact email address hosted at gol.co[.]il, a site that is up and running at the time of publishing.

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× Chat with us