Thomson Customer Data Exposed by Mistake


The British travel company Thomson has stated that an email sent by mistake on August 15, 2015 exposed the names, addresses, email addresses, phone numbers, flight dates and balances due for 458 customers, BBC News reports.

While Thomson has acknowledged the "genuine error," it's not offering affected customers any compensation.

"We are aware of an email that was sent in error, which shared a small number of customers' information," the company said in a statement. "The error was identified very quickly and the email was recalled, which was successful in a significant number of cases."

"We would like to apologize to our customers involved and reassure them that we take data security very seriously," Thomson added. "We are urgently investigating the matter to ensure this situation will not be repeated."

Thomson customer Karen James told the BBC that she was considering canceling her planned holiday in response to the breach.

"My biggest fear is that this list will be sold to someone, because the wrong person could have a field day with this information," James said. "How can we relax on holiday knowing that five hundred people have my address and know when we are going to be away?"

"The interesting element to this story is that regardless of the perimeter security that Thomson has in place to avert hackers and cybercriminals, a simple human error of attaching data to an email has caused concern for a number of customers," AVG security evangelist Tony Anscombe noted in a blog post examining the breach.

According to CompTIA's recent Trends in Information Security study, fully 52 percent of security breaches are caused by human error, including general carelessness, failure to follow policies and procedures, failure to get up to speed on new threats, and lack of expertise with websites and applications.

"Among those companies that indicated human error played some role in security incidents, 39 percent felt that human error was more of a factor over the past two years," the report states.

Still, the study found, only 54 percent of companies offer some form of cyber security training.

Twenty-nine percent of companies said there's no specific hurdle to security training -- they just haven't done it. "The field is indeed full of opportunity for IT firms that can offer the best training or the best overall security package for mitigating human error and improving a business' security posture," the report states.

A recent eSecurity Planet article examined the importance of offering security training to employees.