According to a database leaked by Motherboard, an unprotected server included private data on over 100,000 AA users, frequently including partial credit card information.
The information obtained by Motherboard includes 117,000 distinct email addresses, along with full names, postal addresses, IP addresses, purchase information, and credit card numbers.
The credit card's last four digits and expiration date are included in that information.
According to security expert Scott Helme, the data also appears to contain a number of password hashes, an expired certificate, and a secret encryption key.
TPRM report: https://scoringcyber.rankiteo.com/company/the-aa
"id": "the134611122",
"linkid": "the-aa",
"type": "Data Leak",
"date": "07/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 117000,
'name': 'AA',
'type': 'Company'}],
'data_breach': {'number_of_records_exposed': 117000,
'personally_identifiable_information': ['full names',
'postal addresses',
'IP addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['email addresses',
'full names',
'postal addresses',
'IP addresses',
'purchase information',
'credit card numbers',
'password hashes',
'expired certificate',
'secret encryption key']},
'description': 'A database leaked by Motherboard revealed an unprotected '
'server containing private data on over 100,000 AA users, '
'including partial credit card information.',
'impact': {'data_compromised': ['email addresses',
'full names',
'postal addresses',
'IP addresses',
'purchase information',
'credit card numbers',
'password hashes',
'expired certificate',
'secret encryption key']},
'references': [{'source': 'Motherboard'}],
'title': 'Data Breach Exposing Partial Credit Card Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Unprotected Server'}