Travel booking website AA Traveller suffered a data breach incident because of a vulnerability in its application where all the AA Traveller information was stored.
An unauthorised party accessed information containing personally identifiable information within the database.
However, upon discovery, AA Traveller fixed the vulnerability and worked with cyber security advisors on removing and safely securing the data.
Source: https://www.rnz.co.nz/news/national/466834/data-breach-on-aa-traveller-website
TPRM report: https://scoringcyber.rankiteo.com/company/aa-tourism
"id": "aat104218822",
"linkid": "aa-tourism",
"type": "Vulnerability",
"date": "05/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Travel Booking',
'name': 'AA Traveller',
'type': 'Company'}],
'attack_vector': 'Application Vulnerability',
'data_breach': {'personally_identifiable_information': 'Yes',
'type_of_data_compromised': 'Personally Identifiable '
'Information'},
'description': 'Travel booking website AA Traveller suffered a data breach '
'incident due to a vulnerability in its application where all '
'the AA Traveller information was stored. An unauthorized '
'party accessed information containing personally identifiable '
'information within the database. Upon discovery, AA Traveller '
'fixed the vulnerability and worked with cyber security '
'advisors on removing and safely securing the data.',
'impact': {'data_compromised': 'Personally Identifiable Information'},
'response': {'containment_measures': 'Fixed the vulnerability',
'remediation_measures': 'Removing and safely securing the data',
'third_party_assistance': 'Cyber Security Advisors'},
'threat_actor': 'Unauthorized Party',
'title': 'Data Breach at AA Traveller',
'type': 'Data Breach',
'vulnerability_exploited': 'Application Vulnerability'}