Travel 会社/堅いs `failed to learn lessons´ from cyberattacks, Which? 報告(する)/憶測 (人命などを)奪う,主張するs
Travel 会社/堅いs have failed to 安全な・保証する their websites from hackers にもかかわらず previous cyberattacks, 消費者 group Which? has (人命などを)奪う,主張するd in a new 報告(する)/憶測.
It says its own 調査 設立する vulnerabilities in websites linked to Marriott, British 航空路s and easyJet, each of which has 以前 been the 支配する of high-profile data 違反s.
This 研究 設立する hundreds of 欠陥s on 場所/位置s linked to the three companies, Which? says, 同様に as on some domains linked to American 航空機によるs and Lastminute.com.
The 消費者 group said it had looked at the 安全 of websites operated by 98 travel companies ? 含むing 航空機によるs, 小旅行する 操作者s, hotel chains and 調書をとる/予約するing 場所/位置s ? 診察するing cybersecurity on not just their main websites, but also 関係のある 場所/位置s, 含むing 宣伝の 場所/位置s, spin-off 商売/仕事 and 従業員 スピードを出す/記録につける-in portals.
によれば the 研究, almost 500 問題/発行するs were 設立する on 場所/位置s linked to Marriott, with more than 100 裁判官d to be high-危険 or 批判的な by Which?
Marriott was 攻撃する,衝突する by a major data 違反 in 2018, when it 認める the guest 記録,記録的な/記録するs of 339 million 顧客s had been 接近d, an 出来事/事件 for which it was 罰金d £99 million by the (警察などへの)密告,告訴(状) Commissioner’s Office (ICO).
乗客s at Heat hrow Airport´s 終点 5 (Steve Parsons/PA)
In May this year, the company said the 詳細(に述べる)s of as many as 5.2 million 顧客s may also have been 接近d in a second 違反.
どこかよそで, 115 vulnerabilities were 設立する on websites linked to British 航空路s, 含むing 12 which were identified as 批判的な.
BA was 問題/発行するd with a 記録,記録的な/記録する £183 million 罰金 last year by the ICO after hackers 伸び(る)d 接近 to the personal data, 含むing 支払い(額) (警察などへの)密告,告訴(状), of about half a million 顧客s.
The 調査 said it also 設立する 問題/発行するs on 場所/位置s linked to easyJet, which 確認するd its own data 違反 earlier this year, 影響する/感情ing nine million 顧客s, more than 2,000 of whom had credit card 詳細(に述べる)s exposed.
Which? said it identified 222 vulnerabilities on easyJet 場所/位置s, 含むing two 批判的な 欠陥s.
Rory Boland, editor of Which? Travel, said Marriott, British 航空路s and easyJet had “failed to learn lessons from previous data 違反s” and were leaving 顧客s exposed to cybercriminals.
“Travel companies must up their game and better 保護する their 顧客s from cyber 脅しs, さもなければ the ICO must be 用意が出来ている to step in with 刑罰の 活動/戦闘, 含むing 激しい 罰金s that are 現実に 施行するd,” he said.
“The 政府 must also 許す for an 選ぶ-out 集団の/共同の 是正する 政権 that 取引,協定s with 集まり data 違反s ? so that companies that play 急速な/放蕩な and loose with people’s data can be held to account.”
答える/応じるing to the 調査, easyJet said it had taken 活動/戦闘 on nine web domains flagged to it.
“EasyJet always takes the 安全 of our systems and the 保護 of our 顧客 and 従業員s’ data very 本気で, 従うing with 関連した 法律制定,” the company said.
“Like many companies, easyJet has a number of subdomains which 供給する a 範囲 of 機能(する)/行事s, 含むing 実験(する) 場所/位置s not in use by 顧客s, 資源s for staff, and 場所/位置s to 供給する 付加 services and (警察などへの)密告,告訴(状) for 顧客s such as our 数字表示式の inflight ma gazine or our bistro menu.
“As soon as 可能性のある vulnerabilities on nine subdomains were brought to our attention, we 調査/捜査するd this in 新規加入 to our 正規の/正選手 安全 reviewing 過程s, and of those, three have been 除去するd as were 満了する/死ぬd 場所/位置s, 可能性のある vulnerabilities on one active 場所/位置 have been 解決するd, and we will be 解決するing the 可能性のある vulnerabilities for the remaining five subdomains in the coming days.
“These subdomains are in no way linked to our 核心 website and we have seen no 証拠 of any malicious activity on these 場所/位置s, and 非,不,無 蓄える/店 any 顧客 passwords, credit card 詳細(に述べる)s or パスポート (警察などへの)密告,告訴(状).
“We had already started a 十分な review of all domains using a 危険-based approach.
“This would have identified and 解決するd these 可能性のある 問題/発行するs, however are pleased we have been able to bring this 今後.
“All companies have to be vigilant to defend against 犯罪の cyber activity and we will continue to 絶えず review and 強化する our systems.”
In its own 返答, British 航空路s said it was “満足させるd” it had systems in place to mitigate the 問題/発行するs raised by the Which? 調査.
“We take the 保護 of our 顧客s’ data very 本気で and are continuing to 投資する ひどく in cybersecurity,” the 航空機による said.
“We have 多重の 層s of 保護 in place and are 満足させるd that we have the 権利 支配(する)/統制するs to mitigate vulnerabilities identified. These 支配(する)/統制するs are often not (悪事,秘密などを)発見するd in 天然のまま 外部の ざっと目を通すs.”
Marriott said it had “embedded oversight and governance of its 安全 and privacy programme at the highest level of its 商売/仕事” and continued to 高める its 安全 and 行為/行う 正規の/正選手 実験(する)s of its systems.
“Marriott has 行為/行うd a 予選 review of Which?’s findings after Which? 供給するd them to Marriott. At this 行う/開催する/段階, there is no 推論する/理由 to believe that the findings 衝撃 Marriott’s 顧客 systems or data,” a company 声明 said.
“Marriott also not es that some of the findings are not attributable to Marriott, other findings could not be 実証するd, others have already been 演説(する)/住所d through 補償するing 支配(する)/統制するs, and many of the findings relate to Marriott’s 開発 環境 ? which 含む/封じ込めるs 限られた/立憲的な 使用/適用s and is not connected to Marriott’s 顧客 systems or data.
“As it does with other 安全 研究員s, Marriott is taking a closer look at and 演説(する)/住所ing Which?’s findings, and would welcome a その上の 対話 with Which?’s technical 専門家s at their earliest convenience.”
In their own 返答, Lastminute.com said it took a “強健な 危険-based approach” to its 安全 structures and was “感謝する” for the 調査’s 研究.
However, the company argued the examples 最高潮の場面d by Which? were “おもに 実験(する) 場所/位置s 含む/封じ込めるing no personal or 極度の慎重さを要する data”.
American 航空機によるs said it “recognises the importance of cybersecurity” and uses a 範囲 of 道具s to keep 顧客s’ data 安全な.
It 追加するd it uses a “combination of 内部の and 外部の cyber professionals to 定期的に identify and 実験(する) the 安全 of our systems and continue 改善するing our 能力s”.
