Inspiring Vacations, a Melbourne-based travel operator, has suffered a huge blow after a significant data breach exposed the personal information of around 112,000 travellers. The hacked data contains sensitive information, such as high-resolution passport photos, travel visa certificates, itineraries, and partial credit card numbers.
Details of the Breach
This breach occurred in late November when a non-password-secured database with around 112,000 records was mistakenly exposed online. The disclosed information also included a folder with CVs with the people’s full names, addresses, phone numbers, and email addresses. The majority of the impacted travellers are Australians; however, customers from New Zealand, Ireland, and Britain have also been affected. This incident underscores the critical importance of robust cybersecurity measures for companies handling sensitive data, highlighting the necessity for increased vigilance among cybersecurity companies to prevent such breaches.
Response and Investigation
Inspiring Vacations confirmed the breach and immediately initiated an investigation into the matter. In compliance with Australia’s mandated reporting regulations, the corporation alerted regulators such as the Office of the Information Commissioner and the Australian Cyber Security Centre. The hack was detected by cybersecurity researcher Jeremiah Fowler, who immediately reported it to the organisation and authorities.Mr. Manish Chaudhari, CISO of Cybernetic Global Intelligence, an internationally recognised provider of cybersecurity services, said that “companies must emphasise network penetration testing to identify vulnerabilities before criminal actors exploit them. Proactive actions like this are critical for protecting sensitive information and retaining customer trust.”
This event adds to the growing list of cybersecurity failures affecting Australian organisations. According to data from the Australian Signals Directorate, approximately 127,000 hacks against Australian systems occurred in the fiscal years 2022 and 2023, indicating a considerable increase in cyberattacks. These cases highlight growing concerns about personal data protection and the possible hazards to anyone affected by such breaches. It also emphasises the continuous challenges and the significance of strong cybersecurity measures for protecting sensitive information in the digital age.