Personal data of over 200,000 customers affected in data breach of UK-based Truly Travels

• The breach occurred due to an unsecured Amazon Web Services server.
• The data in the server was left open to the internet for three years.

Truly Travels, a British holiday firm has suffered a data breach due to an unsecured Amazon Web Services server. The incident has impacted the personal details of over 200,000 customers.

What data was exposed?

As reported by Verdict, the data in the server was left open to the internet for three years. This included customers’ names, email addresses, home addresses, phone numbers, and birth dates.

In total, there were 532,000 audio files in the unprotected server. Of these, 212,000 belonged to Truly Travels, which trades under the name Teletext Holidays. The calls took place between 10 April 2016 and 10 August 2016. They ranged from a few minutes to up to an hour and appeared to involve UK customers.

A majority of audio calls included customers’ queries about trips, location cost, and flight timings. The calls also included partial card details such as the type of card, name on the card and expiry date.

The names and dates of birth of accompanying passengers such as partners and children were also a part of some audio files.

How did the company respond?

Teletext Holidays removed all 532,000 files immediately after Verdict notified the company. Furthermore, the company is taking all appropriate steps to ensure that such situations does not occur in the future.