Planet Ice, which operates 14 ice rinks across the UK, has revealed that criminal hackers broke into its systems and stole the personal information of more than 240,000 customers.
The first hint that most skating and ice hockey fans have noticed of a potential problem was when they tried to book tickets online earlier this week, Planet Ice’s servers said, “Unscheduled server downtime. It was when I was presented with a brief message explaining that
The next day, some customers sent an email revealing that they had discovered that the “Ice Account” system had been compromised, giving unauthorized parties “external access to non-financial areas of the system.” received from Planet Ice.
According to Troy Hunt’s HaveIBeenPwned project, the data of 240,488 customer accounts are currently in the hands of hackers such as:
- Date of birth, name and gender of the partying child
- email address
- IP address
- telephone number
- physical address
While it’s obviously a good thing that the payment information wasn’t accessed by the hackers (thankfully it’s being handled by a third-party processor), how the above information could be misused by fraudsters. You can easily imagine there is.
For example, passwords were stored as MD5 hashes (a method considered old and obsolete), so not only would you definitely change your password for Planet Ice, but you wouldn’t have to change your login credentials anywhere else. Use the same password.
Additionally, scammers use personal information collected from compromised accounts to phish unsuspecting victims for more information, redirect them to fake websites, or trick them into opening malicious attachments. may attempt to contact Planet Ice’s customers. .
Planet Ice said it notified the Information Commissioner’s Office (ICO) of the breach and called in outside cybersecurity experts to assist with the investigation and response.
The company has warned customers to treat any future emails they may receive regarding a security breach as “suspicious,” and if they want to review the content of the communication, they can contact their data protection officer named “Ross.” We encourage you to contact us. firstname.lastname@example.org.
Some Planet Ice customers turned to social media. they first heard about the security breach It wasn’t from the company itself, but from media reports or HaveIBeenPwned.
This seems a little unfair to poor old Ross, who must have spent a lot of time sending out 240,488 notification emails one by one.