The privacy spotlight has been shining on data security this week following the data breach at a Melbourne based travel company Inspiring Vacations, where thousands of passport and travel details were made available publicly online.
The data was found and reported by cybersecurity researcher, Jeremiah Fowler.
In the incident, more than 112,000 records accessed from a non-password protected database 26.8GB in size.
John Baird, the CEO of Revio Cyber Security said any company who has used Amazon Web Services should take a look at their settings, or even better, get an expert to do it for them.
“I keep saying to people with Amazon Web Services, the clue’s in the name. It’s all about web services,” Baird told Travel Talk.
“It was built to connect every machine directly to the internet so they could all supply services for shopping sites.”
“The concept of security and trying to build a datacentre in Amazon Web Services is a bit tricky.
“What’s happened is, they’ve created their bucket, they put their data in it, they can see the data so they think it’s working fine.
“They haven’t bothered to check if anyone else can read it,” he said.
He said anyone concerned that they could be at risk of a similar breach should contact a security consultant.
“They’ll come in and do a little mini audit on your s3 configuration. Just get them to have a look at the configuration.”
He said companies need to be careful with customer information. A change in privacy laws now means a company of any size needs to be compliant.
“It used to be that if you turn over more than $5 million, you have to be compliant with the privacy act. That’s gone away. Now, it doesn’t matter how much you make, you have to be compliant with the Privacy Act.
“Many companies assume it doesn’t apply to them and then suddenly find out, oh yeah, it does,” he said.
Inspiring Vacations is a member of CATO, the Council of Australian Tour Operators. Its managing director Brett Jardine said cybersecurity remains a top priority for the industry
“We encourage all our members to remain vigilant in safeguarding customer data. As a part of our ongoing commitment, we regularly update our members on emerging cybersecurity trends and provide access to experts who can offer guidance and solutions”.
“The recent incident involving Inspiring Vacations serves as a stark reminder of the importance of proactive cybersecurity measures. We are here to support members in taking the necessary steps to protect their customers’ data and maintain the trust of travellers. Together, we can stay ahead of these challenges and uphold the highest standards of data security within the travel industry,” Jardine said.
