AA Shop investigating 13 gigabyte data breach

by GDPR Associates | 3rd July 2017 2:12 pm

The AA has been criticised over the way it has handled a data breach involving 13 gigabytes of data.

The huge cache was viewable online for a few days in April, but the motoring organisation said that it contained no “sensitive” information.

However, a security researcher who analysed the leak said he found details like email addresses, names and parts of payment card numbers.

He said said it was a “very serious incident” the AA needed to address.

Customer information

AA president Edmund King said it first learned about the problem with data used for its online shop on 22 April. Soon after discovery, the firm that runs the shop on the AA’s behalf was told about the problem.

“They identified the vulnerability and the issue was resolved on 25 April,” he said.

A server “misconfiguration” was blamed for giving access to two back-up files that contained information about orders for maps and other products from retailers and some customers.

This article and any associated images were originally published here:
http://www.bbc.co.uk/news/technology-40483201

Source URL: https://www.gdpr.associates/aa-shop-investigating-13-gigabyte-data-breach/