Thomas Cook admits data breach
Thomas Cook has suffered a data breach which exposed the names, email addresses, and flight details of customers.
Blogger Roy Solberg, a Norwegian security researcher accessed the customer data through vulnerabilities, which he has since reported, according to Sky News.
Thomas Cook said the gaps in its security have since been plugged. It said Solberg was the only person to exploit the security issue and that fewer than 100 bookings were accessed.
It is understood that Thomas Cook decided during an internal assessment that there was no need to report the incident to the data protection authority due to the nature of the data that was accessed.
However, Solberg has claimed in his blog that the details of tens of thousands of bookings dating back to 2013 were available to hackers. He said he the breach had occurred on Thomas Cook’s Norwegian site airshoppen, where customers can buy upgrades and duty-free items.
In his blog post, Solberg said: “I never download a lot of data as I don’t want anyone to question my motives, but I do like to get an idea of the scope of a data leak, so I did a few tests to see if I could see how many bookings this was affecting.”
In a statement, Thomas Cook told Sky News: “We take any breach of our customer data extremely seriously.