Jump to content

Teletext Holidays data breach exposes 212,000 customer call recordings


Disco Bob

Recommended Posts

British travel company Teletext Holidays has suffered a data breach in which some 212,000 customer call audio files were left unprotected on an online server for three years, exposing customer names, email addresses, home addresses, phone numbers and dates of birth.

Truly Travels, trading as Teletext Holidays, formed out of the once-popular television information text service. It now advertises package holidays online and completes bookings over the phone.

Verdict discovered the files – which have since been removed – on an unsecured Amazon Web Services server. In total, there were 532,000 files. Of those, 212,000 were audio files from Teletext customers calling its India-based call centre.

 

The calls took place between the 10 April 2016 and 10 August 2016. They range from a few minutes to up to an hour and, based on accents, appear to involve UK customers. In recordings heard by Verdict, customers can be heard booking holidays, amending bookings, enquiring about trips and making complaints.

Details about each holiday, including flight time, location and cost, can also be heard. In conversations where a holiday is booked, customers also tell the Teletext Holidays employees partial card details. This includes the type of card, name on card and expiry date.

Instead of saying their card number and three-digit security number, customers type them into the keypad – protecting the most serious financial information. In a very small number of calls, Verdict heard customers begin to say their card number out loud, before the call centre operator interjects.

The names and dates of birth of accompanying passengers, such as partners and children, can also be heard.

Teletext Holidays removed all 532,000 files almost immediately after Verdict notified the company. In a statement, a Truly Travel spokesperson (trading as Teletext Holidays) spokesperson said:

“We are in the process of reporting the matter to the ICO, and we will fully comply with our wider legal obligations.

“The company is taking all appropriate steps to ensure that this situation does not occur in the future.”

Customers recorded while on hold

In some calls heard by Verdict, Teletext customers continued to be recorded while put on hold, with Verdict hearing couples talking privately among themselves. In one, a mother can be heard trying to calm her crying children while she waits.

In another, a couple is placed on hold for several minutes, during which they discuss whether to go ahead with the booking, before whispering “I’m going to hang up”.

 

 

https://www.verdict.co.uk/teletext-holidays-data-breach-customer-call/

Link to comment
Share on other sites


  • Views 294
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...