Data Breach at a travel agency as employee loses hard disk that contained private data of 200 clients
- Travel agency Insight Vacation’s employee loses hard disk that contained private data of 200 clients.
- The information in the hard disk included names, email addresses, and NRIC details of almost 200 clients.
Insight Vacation’s employee had taken the portable hard disk out of the office without authorization and lost it in a taxi on his way home. The information in the hard disk included names, email addresses, and NRIC details of 200 clients. The hard disk also contained names, email addresses, and mobile numbers of almost 5000 people on the firm’s mailing list.
The travel firm learned the incident after it conducted an internal review of best practices for data protection. The firm has also blasted the employee which made the employee resign.
More details on the incident
Upon learning, Insight Vacations are investigating the incident and have started notifying its clients and the people on the mailing list of the incident via email. The email assured that the firm has taken necessary steps for protecting their private data. The travel agency has also notified the Personal Data Protection Commission.
“We immediately reported the incident to the relevant authorities after we discovered the accidental loss as we felt it was important to take a proactive approach to alert those affected on the risks of someone misusing their mobile number or mailing address,” a spokesperson for Insight Vacations told The New Paper.
The spokesperson confirmed that there has been no indication that any personal data has been accessed or misued. She added that the company values the importance of their guests' privacy and that they periodically review policies regarding customer data privacy.
“We have extensive policies and procedures governing the security of customers' personal information, including the use of portable data storage devices, and are conducting a thorough review of potentially affected records and taking measures to further improve our data security going forward,” the spokesperson said.
What were the preventive measures taken?
- Insight Vacations is closely working with third-party experts on data privacy and system security.
- The agency has also employed a global data security training provider to provide mandatory training for its employees.
“Insight Vacations and our parent company, The Travel Corporation, take the security of customer data seriously and regret that this incident has happened,” the spokesperson concluded.