View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 3, 2017updated 04 Jul 2017 9:57am

AA data breach DID contain sensitive information, says security researcher

The AA may be suffering a breakdown of communication in the aftermath of April's data breach.

By Ellie Burns

The AA may be in need of some cyber-side assistance of its own following reports that a recent data breach exposed sensitive information such as names, addresses and credit card numbers.

The data breach was first discovered on 22 April, when the motoring group first learned of the breach affecting data used for it’s online shop. AA President Edmund King later confirmed that the issue had been fixed by 25 April, blaming a server ‘misconfiguration’ for giving access to two back-up files that contained orders for maps and other products from retailers and customers.

In contrast to today’s news, the AA then stated that the breach only related to shop orders and contained no sensitive information. Security researcher Troy Hunt, however, found 117,000 unique email addresses as well as names and credit card information after analysing the leak. A separate analysis by Motherboard researcher Scott Helme also found the same data in the cache.

“I have confirmed with many Have I Been Pwned subscribers in the data and they have verified that it’s accurate,” Mr Hunt told the BBC. “They’re customers of the AA and they never received a notification about the data exposure.

“At no point does their statement acknowledge the severity of the exposed data nor that they failed to notify customers when learning of the exposure.”

However, although two independent investigations iunto the breach have reached the same conclusions, Ilia Kolochenko, CEO of web application security firm, High-Tech Bridge, says that people should not rush to point the finger of blame.

READ MORE: Top 5 worst data breaches to hit the UK

“At the moment, I would abstain from blaming anyone for the incident. Many important technical details are not clear yet, moreover some claims are contradictory.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“A verified journalistic source says that the database, and apparently AA’s entire web shop, were recently accessed by several unauthorized third-parties. Cybercriminals could easily be among them, meaning that we should be prepared that the entire 100k database is breached and will be for sale on the Dark Web soon. However, I would avoid any panic until a first confirmed incident, involving records from the breached database, appears. In any case, victims of the breach are better to cancel their credit cards and change all their passwords if they had same or similar ones for all the accounts.

“Allegations about the deliberate concealment of the data breach by the AA – seem to be highly unlikely for the moment.  We can probably speak about a negligent, and thus incomplete, investigation, but nothing more so far. Hopefully, the AA can clarify the situation and dispel all doubts shortly.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.