Privacy Protection Agency Seizes Hacked Travel Company’s Servers
Israel’s PAA Confiscated Computers Hosting Various Vacation Booking Websites.
The Privacy Protection Body is the Israeli regulatory and enforcement authority for personal digital information. This authority is responsible for ensuring compliance with the law. The authority is in charge of ensuring the safety of any personally identifiable information that is stored in digital databases.
This rule applies to all organizations in Israel, whether they are public, private, or commercial, and regardless of whether they retain or handle personal digital information. It contains both administrative and criminal enforcement provisions.
Because its operator failed to fix security vulnerabilities that facilitated data breaches that affected more than 300,000 persons, the Privacy Protection Authority in Israel confiscated the servers that hosted various travel booking websites.
Following a notice from the agency regarding resolving the security flaws, at least ten websites owned by Gol Tours LTD in Israel have been shut down. These vulnerabilities enabled hackers to obtain customers’ personal information and credit card data.
According to a report from The Times of Israel, Israel’s Privacy Protection Authority announced on Thursday that a cyberattack had taken place. It is suspected that an Iranian threat actor was responsible for the incident.
According to the magazine, the agency got in touch with Gol Tours as soon as the attack occurred and requested that the company fix the security flaws that the hackers had taken advantage of in the event.
In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations.
As BleepingComputer reports, this is the first time when the Privacy Protection Authority seized the computers of a corporation that had been the target of a cyberattack.
The regulatory body expressed the hope that the unprecedented action it had taken in this instance would serve as a deterrent to other website owners who, in the future, may think twice before disclosing a breach in website security.