Thomson data breach exposes passenger details

Thomson, a UK based holiday company, apologized to their customers this weekend about a small but rather significant data breach. This comes on the back of much larger breaches such Ashley Madison in the US within the last few weeks.

My attention was grabbed by the depth of what data was breached and also the method in which it was distributed, rather than the quantity of what was mistakenly disclosed. Just 458 people have been effected, all of them UK based.

In a statement, Thomson apologized and said “We are aware of an email that was sent in error, which shared a small number of customers’ information. The error was identified very quickly and the email was recalled, which was successful in a significant number of cases”.

The interesting element to this story is that regardless of the perimeter security that Thomson has in place to avert hackers and cybercriminals, a simple human error of attaching data to an email has caused concern for a number of customers.

The data included in the breach includes: name, home address, telephone number, flight dates, email address and the outstanding balance due. The data was shared with all the people on the list itself, so 458 people have the data.

There are technologies available that allow companies to limit the data that is sent out in emails or other communications. These are termed ‘data leakage prevention’ technologies and I am sure that the Thomson IT team will be evaluating a solution of this type.

In the BBC article that covered this breach the people effected are talking about cancelling holidays and are of course worried about being burgled.

What advice can be offered in this instance? An obvious one is to change the dates of your holiday and insist that Thomson cover the costs. In reality though many people have probably scheduled time off work, and its not easy to change plans. I think if this happened to me, the option I would take is to have someone house sit for me while I am away.

Follow me on Twitter @TonyatAVG

Leave a Reply