Why have cyberattacks once again emerged in the headlines?
This week, Fota Wildlife Park initiated emailing customers who purchased tickets via its website. The Cork venue revealed it was targeted by a cyberattack and advised those impacted to invalidate their credit or debit cards and keep a watchful eye on their accounts for any out-of-place activity.
Does this situation seem grave?
Indeed, it is a grave matter. Though cyberattacks are deplorably common, instructing clients to cancel their cards is not a typical response from affected companies. Established data protection regulations prevent organisations from retaining intricate financial details, making it less likely that such information will be exposed in the event of a cyberattack.
What sets this incident apart, then?
The specifics of the incident are still under scrutiny as investigations proceed. However, cybersecurity specialists suggest it bears the signs of a “man in the middle” attack.
Could you clarify what that entails?
In such attacks, cybercriminals gain unauthorised access to a company’s infrastructure and slowly extract critical data over time. They can gather comprehensive credit and debit card information along with other details, instead of stealing massive quantities of data all at once.
What actions can be undertaken with such information?
The actions will vary depending on who orchestrated the attack. Petty criminals may illicitly utilise some of the card details to order items online, which can then be resold on various platforms for a quick profit.
What about more professional criminals?
Their strategies are more forward-thinking. They gather all the card details, then distribute them in groups on the dark web.
The situation sounds rather ominous. What would they charge for such information?
The value of card details fluctuates with the exposure of a breach. Prior to the breach being revealed, the card details hold significant value, though this diminishes significantly once the company acknowledges the attack and informs its customers. In this instance, the potential illegally gathered card details would have been more valuable at the start of the week compared to now.
If you suspect your card has been utilized for illegal activities, what should you do?
First and foremost, if you purchased tickets from the Fota Wildlife Park’s website between May 12th and August 27th, you need to notify your card provider immediately and cancel that card. Following that, review your statements for the same time and scrutinise for unfamiliar transactions. If any such transactions turn up, you must promptly alert your bank or payment card provider.
Then what happens?
That largely depends on the type of card which may be compromised as well as possibly your banking institution. Credit cards typically offer more protection to consumers than do debit cards. It is your responsibility to contact your bank or provider and understand the procedures in place.
Is there more that should concern me?
Unfortunately, the answer is yes. Although financial information is the main worry, in this type of hack, the criminals most likely have access to other sensitive information such as passwords, names, phone numbers, email addresses, device information, and the IP address used during booking. Although individually this information has limited value, when sold as a package it can enable criminal enterprises to target selected individuals for future deceptions.
Sounds troubling, doesn’t it?
Certainly, this is a worrisome situation. The criminal who knows your name, email, and phone number, and also understands your interests in wildlife or similar activities to Fota, can produce customised scams for you. Global data suggests that the more tailored a fraud is, the more probable its success.
What’s next on the cards?
Fota Island Wildlife park has stated it has initiated immediate actions to investigate and pinpoint what information has been accessed on its website, as a containment measure. The park has taken the assistance of external cybersecurity experts and informed the Data Protection Commission about the incident. The park will fully support any investigation.
What should I be doing in the meantime?
If you’ve made purchases over the summer period using the park’s online platform, it’s highly advisable to invalidate your card and revise your passcodes, especially if they are identical to those applied on the platform. Additionally, maintain vigilant oversight of your account and exercise caution with regards to any phone calls or emails you may receive in the future that appear in any way questionable.