
Warning to customers as Fota Wildlife Park hit by cyberattack

  • 29-08-2024 8:01am
    #1
    Registered Users, Registered Users 2 Posts: 12,889 ✭✭✭✭


    FYI, move if in wrong place

    https://www.rte.ie/news/ireland/2024/0828/1467216-fota-wildlife-park-cyberattack/

    Fota Wildlife Park in Cork has been hit by a cyberattack and customers have been warned that their financial information may have been compromised.

    Users have been told that they may need to cancel credit/debit cards used to make payments on the park's website.

    “I can’t pay my staff or mortgage with instagram likes”.



Comments

  • Registered Users, Registered Users 2 Posts: 9,176 ✭✭✭blackwhite


    Expect a long hard look from the Data Protection Commissioner at this one.

    Advising customers to cancel debit/credit cards suggests that Fota may not have been PCI-compliant in how they handled customer card payments.



  • Registered Users, Registered Users 2 Posts: 169 ✭✭PixelCrafter


    This is why I always use a disposable Revolut card online for stuff like this.



  • Registered Users, Registered Users 2 Posts: 11,392 ✭✭✭✭Furze99


    Indeed, why would they have been storing card details? Perhaps for annual repeating memberships or something like that but hardly from the ordinary punter just getting tickets for a visit.



  • Registered Users, Registered Users 2 Posts: 9,176 ✭✭✭blackwhite


    Not supposed to hold card data like that.

    You are supposed to use a system where your card acquirer stores an encrypted token to enable repeat payments - the card details should not be accessible.



  • Registered Users, Registered Users 2 Posts: 22,639 ✭✭✭✭ELM327


    Not allowed hold card details under any circumstances. Hopefully a large fine from the DPC and/or financial regulator.



  • Registered Users, Registered Users 2 Posts: 9,176 ✭✭✭blackwhite


    You can store an encrypted token to allow repeat payments be taken from the card.

    You just cannot store the actual card number itself.



  • Registered Users, Registered Users 2 Posts: 1,749 ✭✭✭Deagol


    Seriously? You want a charitable, award-winning wildlife sanctuary to get a large fine because they got hacked - like so many other institutions who have been - no, wait to find out how and why etc before calling for a lynching.

    Keyboard warrior rubbish at its very best. I hope you live such a blameless and perfect life that you're above reproach…

    My partner is affected by this and her reaction was a roll of the eyes and a quick moan about the inconvenience. No dramatic overreactions like this.



  • Registered Users, Registered Users 2 Posts: 4,414 ✭✭✭eightieschewbaccy


    Thing is, if you don't enforce the rules around this kind of issue then it negatively impacts trust in all outlets online. They need to meet the same financial standards of other outlets and personally I'd prefer to know that charities etc don't get a free pass. If they did, I'd be less likely to donate.

    This also could be an overreaction on their part and they might be doing everything right so hopefully that's the case.



  • Registered Users, Registered Users 2 Posts: 15,743 ✭✭✭✭Fr Tod Umptious


    I wouldn't take much heed.

    It's a typical CA/IMO reaction.

    The person has probably never been to Fota to see what it offers and how popular it is.

    I'm surprised no one has chimed in with a wish that they go out of business because they are overpriced or something.



  • Registered Users, Registered Users 2 Posts: 7,864 ✭✭✭SuperBowserWorld


    I'm pretty sure the Cheetahs don't give a flying **** about the crazy humans and their **** planet destroying lifestyles. The juxtaposition of the invented human problems upon problems with pictures of caged majestic big cats is surreal.



  • Registered Users, Registered Users 2 Posts: 22,639 ✭✭✭✭ELM327


    Yes, a PAN token or network token can be stored and retain PCI compliance. I work in finance and have done so for 15 years so I know the difference. Seems like others think PCI compliance is a non-issue.

    No dramatic overreactions, so who pays for the losses caused by stolen card transactions? Other merchants? Banks? The card issuers? The how and why is irrelevant, they were storing class 1 data which can never be stored.

    I've been to Fota several times. From visiting as a child to taking my own family there and trying out the Tesla chargers when we were excited to find a destination charger there. It could be my own son's business, I'd have the same attitude. Having stored card details is a massive issue. Having them stolen from you is even worse. PCI compliance is no joke.



  • Registered Users, Registered Users 2 Posts: 9,176 ✭✭✭blackwhite


    I really don't understand the attitude from some about this.

    We visit Fota at least once a year - love the place. But that doesn't give them a free pass to ignore consumer protection laws.

    Maybe the warning they've put out is an abundance of caution and all is actually OK - but the statements this morning certainly give the impression that they were storing information that they shouldn't have been and that they have put customers at risk as a result.



  • Registered Users, Registered Users 2 Posts: 3,141 ✭✭✭gipi


    An expert in the Irish Times report suggests that the Fota website itself may have been compromised, so card details were being harvested from the website as customers entered details, rather than from stored data.

    https://www.irishtimes.com/ireland/2024/08/29/credit-card-warning-for-customers-of-fota-wildlife-park-after-cyberattack/



  • Registered Users, Registered Users 2 Posts: 15,743 ✭✭✭✭Fr Tod Umptious


    Obviously this is very serious, you often hear about hacks and people being advised to look out for strange contacts etc, but being asked to cancel cards is a completely different level.

    So a full and proper investigation should, and will, take place and whatever the regulations deem as "punishment" will be applied, and I'm sure there will be redress for people who have suffered financially from this.

    But someone "hoping" they are hit with a huge fine, that's a bit weird.



  • Registered Users, Registered Users 2 Posts: 22,639 ✭✭✭✭ELM327


    Interesting reading there. It's an opinion piece, so not 100% on accuracy, but if it's true, that's far worse. People not only have their CC info stolen, but all login data and cache it seems. So not only do they have your CC info, they have geolocation data, system data, email, password, username, phone number etc. Enough to attempt sophisticated scams, attempt to pass 2FA or 3DS tests. That is a very dangerous situation and as a former risk manager myself here, I must pose the question, how did 1LOD, 2LOD and 3LOD all fail here? What was their monitoring strategy for protecting the userbase they store data on?

    I'm in awe, it's like printing out all the information and storing it in an unlocked cabinet. How can a man-in-the-middle attack with access to the website be allowed to persist for weeks or months? Shocking is the only word.



  • Registered Users, Registered Users 2 Posts: 4,101 ✭✭✭spaceHopper


    OK, so I’m a big tinfoil hat fan and hate companies using my data for anything other than the service or product they provide. I’ve had my personal data leaked by Fastway, LinkedIn, Paddy Power, some car parts website, Western Digital and a few others. Most of them are tech companies or large ones that should know better.

    But Fota? Really, they probably had a company design and manage their website. To me it reads like their website was hacked and code to steal logins and CC numbers was inserted into it, and not that they were illegally storing numbers.

    By the way, when Fastway were “hacked” they claimed to be the victim of cyber crooks and were working with the Gardai. What actually happened was they had a database on a cloud server open to the internet and it wasn’t password protected.



  • Registered Users, Registered Users 2 Posts: 11,392 ✭✭✭✭Furze99


    Fastway are one of the most disreputable businesses about in my experience. Never have anything to do with them is my advice.



  • Registered Users, Registered Users 2 Posts: 869 ✭✭✭tringle


    I was in Fota, I used my card in person at a food stand. No website, no online, but in person. My credit card company called me to say they had been advised to cancel all cards used in the past 6 months in Fota and to move funds out of my current account until the new card was issued. They are taking it pretty seriously.


