Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
In the middle of this week Fota Wildlife Park began emailing customers who had bought tickets on its website to visit the Cork attraction telling them it had been the victim of a cyberattack. The mail urged people affected to cancel their credit or debit cards and monitor their accounts for suspicious activity.
It is very serious indeed. While cyberattacks are all too common, it is quite unusual for customers of any company to be told they need to cancel their credit or debit cards. That is because under well-established data protection rules companies do not store such sensitive financial details on their systems. Those rules mean that even if a company is targeted by criminals, sensitive financial details of customers are unlikely to be compromised.
It is probably too early to say exactly what has happened here, as the investigations are ongoing, but according to cybersecurity experts this has the hallmarks of what they call a “man in the middle” attack.
It means that instead of breaching a company’s systems and stealing mountains of data in one go, the criminals gain illegal access and quietly hoover up the key data customers input over a period of time. That means they can collect complete details of credit and debit cards as well as other details.
It depends on who is behind the attack. Low-level criminals might simply use some of the credit or debit card numbers illegally obtained to buy products online which they will then sell on different platforms in order to make some easy money.
They play a longer game. They collect all the card details and then sell them in batches on the dark web.
That very much depends on the timing. Card details have far more value when the breaches have not yet been exposed but the value falls dramatically once the company that has been targeted becomes aware of the attack and starts alerting customers. In this case, the card details that may have been illegally obtained would have had far more value on Monday of this week than they have now.
The very first thing you need to do if you booked tickets on the Fota Wildlife Park website between May 12th and August 27th is to contact your bank and cancel the card that was used. Then go through your statements over the same period and look out for any transactions you do not recognise. If you see any, you will have to contact your bank or credit card provider immediately and flag it.
It depends on the type of card that has been compromised and possibly on your bank. Credit cards often offer a greater degree of protection to consumers than debit cards, but in the first instance you will need to contact your bank or card provider and find out about its processes.
Unfortunately, yes. While sensitive financial details are obviously of the greatest concern, in a hack of this nature, the criminals will also most likely have had access to passwords, names, phone numbers and email addresses. They will also know the IP address used when making the bookings and the devices that were used. While much of this granular information has little value in isolation, it can be sold as a job lot, and used by various criminal enterprises to target individuals for future scams.
Yes. If a criminal knows your name, email address and phone number, and is aware that you like wildlife or similar amenities to Fota, they can create bespoke scams for you. International evidence suggests that the more targeted and personalised a scam, the more likely it is to succeed.
Fota Island Wildlife Park has said it has taken “immediate steps to investigate and identify what information had been accessed on our website” in order to carry out containment measures. It added that external forensic cybersecurity experts had been engaged, and the incident had been notified to the Data Protection Commission. The park said it would co-operate fully with an investigation.
If you bought tickets on the park’s website over the summer months you need to cancel your card and change your passwords if they match the one you may have used on the site. You also need to keep a close eye on your account and be mindful of any email or phone communication you get in the future that may look in any way suspect.