Teletext Holidays Data Breach

on 27 Mar 2020 | by Doug

Teletext Holidays are a British Travel company owned by Truly Travel. Their holidays range from long haul beach holidays, to short stay city breaks, and cruises. The sites audience ranges from 18 to the over 55’s. In January 2014 Teletext began to work with one sole supplier for their holidays.


“Verdict covers topics surrounding global technology, business and innovation with speed, accuracy and intelligence. Powered by data and smart visualisation techniques, Verdict brings you all you need to know in engaging and thought-provoking way.” they investigate businesses to see if they are following the laws put in place.


The recorded telephone calls of 200,000 customers were left available on a cloud server for three years, an investigation was carried out by Verdict. Teletext-Truly Travel has now reported the Breach to the Information Commissioners Office (‘ICO’). Verdict has claimed that in some of the recordings you can hear credit card numbers spoken between the customer and the Teletext employee. Lately the audio files have been stored on Amazon Web Services due to the long line of security issues that were occurring on the Cloud. Truly Travel told the BBC “Our booking procedure does not allow agents to take card numbers over the phone. Customers are asked to punch their card details into a secure automated system. If a customer attempts to give their card information verbally, they are stopped by the agent." Truly Travel have also said “Once the matter was brought to our attention, we immediately secured the files in question. We have contacted the Information Commissioner's Office.” The calls that Teletext take range from a few minutes up to an hour discussing the holiday details. Involved in a few of the calls were the discussions of credit card and payment details. When a business take a credit card number over the phone, whether it is taped or spoken the business are obliged to mute this section of the call. Security consultant Graham Cluley had this to say about the incident. "Most consumers accept that recordings may be kept for 'training purposes', but you also expect them to be stored securely and certainly not left lying around in an internet-connected bucket where any Tom, Dick or Harry could access them with malicious intent.” "Things are made even more serious by the fact that some of these records had transcriptions, making it even easier for a criminal to scour through the database to access information that they could monetise with fraudulent intent." What they have done about the Breach: Truly Travel had reported the breach to the ICO who are now investigating the incident. Truly have also taken their files out of the cloud as they thought it was an easy security breach, and moved it to Amazon Web Services.


Pure Legal (‘Pure’) have team of legal experts, who deal with hundreds of cases like yours. You don’t have to worry about your claim as it will be assessed by one of our experts, and once your claim has been accepted you will either be passed to one of panel solicitors that we work closely with or worked on by Pure’s highly skilled solicitors. The panel firm will then dedicate a highly skilled solicitor to your case, so you always have someone to contact with your queries. You don’t have to worry about paying if you lose your case, as Pure work on a “no win, no fee” basis. We know that your data is precious to you and we want to help you get compensation if your data has been breached. If you are worried or concerned that your has been breached by a company give Pure a call by clicking the link below


24/09/2020 16:04:41