The Privacy Protection Authority in Israel confiscated the servers hosting several travel booking sites because their administrator did not fix security flaws that allowed data breaches to impact over 300,000 people. At least 10 websites run by Gol Tours LTD in Israel have been taken down after a warning from the organization regarding patching the security holes that allowed hackers to steal customers’ personal information and credit card details.
The Times of Israel says that Israel’s Privacy Protection Authority on Thursday verified the hack, which is thought to have been carried out by an Iranian threat actor. The agency allegedly got in touch with Gol Tours almost at once following the intrusion and ordered the company to fix the security holes that had been used as a point of entry.
“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations,” said Israel’s Privacy Protection Authority.
According to Ram Levi, CEO of Konfidas, a cyber and crisis management firm, the hackers are an Iranian organization known as Sharp Boys. It is the first time in Israel that the Privacy Protection Authority has seized servers from a business that had been the target of a cyberattack. Levi points out that the websites have been taken down and that the agency is examining the systems as part of its probe.
The owner of Gol Tours said that the agency’s claims about a refusal to strengthen security were false and that the hackers simply collected names and phone numbers from the websites’ databases. “I never said I wouldn’t upgrade [security] because it would cost me money, never,” Gol Tours said, adding that “the authority had sent us a faulty document and didn’t respond to our messages.”
The Sharp Boys gang portrays itself as “an independent hacker group” on its website. On June 11, the group made the attack public and said that databases comprising names, phone numbers, email addresses, credit card information, passport numbers, and travel history had been taken. The threat actor listed the same websites reportedly taken down by the Privacy Protection Authority of Israel.
Following the disclosure of the incident, Sharp Boys leaked 300,000 customer information records. Additionally, the group posted a snapshot from a remote desktop connection demonstrating their access to more than two dozen supposedly Gol Tours-owned websites. When the registration information for a few of them was investigated, it was discovered that Gol Tours LTD managed them and that their contact email addresses were housed at the currently operational website gol.co[.]il.