UK package holiday firm Telextext Holidays has been hit by a data breach which saw the details of thousands of customers left exposed online.
Over half a million files were found to be stored on an unsecured Amazon Web Services server by news site Verdict. Nearly half of the files were found to be recordings of calls customers made to Teletext Holdiays' Indian-based call centre, with UK customers appearing to be involved.
According to Verdict, which discovered the breach, information such as names, email addresses, home addresses, phone numbers and dates of birth were exposed and unprotected on the AWS server for three years
Around 212,000 customer call audio files made between April 10 2016 and August 10 2016 were in the cache, involving customers booking holidays, amending bookings, enquiring about trips and making complaints.
The calls also include details concerning each holiday, such as location, cost and even the times of specific flights. Some of the calls concerning booking a holiday also see customers giving the Teletext Holidays employees partial card details including the type of card, name on card and expiry date.
The actual card number and security code are not included in this, with customers having to type these details using their phone's keypad. However "a very small number of calls" saw the customer say part of their card number out loud before being interrupted by the employee.
Verdict says that it informed Truly Travels, which trades as Teletext Holidays, of the breach, with the company almost immediately removing all 532,000 files.
In a statement, Truly Travel said: "We are in the process of reporting the matter to the ICO, and we will fully comply with our wider legal obligations. The company is taking all appropriate steps to ensure that this situation does not occur in the future."
Gloss