Thomas Cook, Solberg, airline, security, breach, Ving, Norway, expose, UK, investigation, ICO
Thomas Cook

Norwegian exposes Thomas Cook data breach

A leak in the tour operator’s Nordic brand Ving exposed the data of an unspecified number of customers.

The tour operator giant Thomas Cook has admitted that a data breach exposed the names, email addresses and flight details of a number of its customers.

The leak was discovered by Norwegian security researcher Roy Solberg after he booked a flight with Ving, Thomas Cook Airlines Scandinavia, Sky News and TTG report.

Solberg found that he could manipulate an email link from the operator to its online duty free shopping site Airshoppen to access other clients’ data. He then wrote about his investigation in a blog.

Solberg says that to avoid suspicion he rarely downloads a lot of data but typically seeks to establish the nature and scope of a breach.

“I did a few tests to see if I could see how many bookings this was affecting,” he writes. “For Ving, this was pretty serious… the oldest bookings I saw were from 2013, and the most recent one for 2019. I suppose this means that data was leaking about at least tens of thousands of travels.”

The simple nature of Ving’s and Cook’s booking numbers means it was easy to work through potentially thousands of people’s travel plans, he explained.

Investigation to start
Solberg alerted Thomas Cook in June, and 15 days later the operator told him that the vulnerability had been fixed. However, the UK’s data watchdog, the International Commissioner’s Office, says it will further investigate the incident.

The operator insists that a “limited volume” of data was involved and that because of this it has not contacted the affected customers.

“We take any breach of our customer data extremely seriously. After being alerted to this unauthorised access to our online duty free shopping website in Norway, we closed the loophole and took responsible actions in line with the law,” the company said in a statement.

Related stories

Thomas Cook offers ‘pay in instalments’

Hilton warning as hackers steal credit card details

How to protect your computer when traveling


Check Also

SAS, passengers, stats, numbers, figures, Norwegian, monthly, June, 2018, weaker, stronger, routes

SAS sets another passenger record

The airline has broken its previous monthly passenger record from 2014, though it is still behind Norwegian.

Ålesund, congestion, bus, cars, cruise, tourists, too many, overtourism, Norway, viewpoint, Aksla

Tourist bus chaos at viewpoint in Norway

Four cruise ships disgorge a flood of tourists heading to an attraction with a small access road.

Norway, law, EU, directive, consumers, protect, claim, compensations, flight, delay, cancel, hotel, package, trip, organise, consumers

New package tour law in force in Norway

An updated version of an earlier law now gives consumers more right when organising their own travels.

fire, wildfire, Oslo, Norway, rail, services, delay, train, bus, lines

Forest fires cause Norway rail chaos

Rail services in and out of Oslo have been heavily disrupted due to out-of-control forest fires.

Norwegian, behaviour, Norway, airlines, plane, travel, bad, smoking, abusive, passengers, alcohol, fine

Big rise in passenger trouble in Norway

Pilots say that the alarming trend is due to alcohol availability and passengers feeling cramped.

sas, Nordic, Scandinavia, sale, sell, stake, shares, state, government, buy, investors,

Norway sells all its shares in SAS

There is now speculation that Sweden will also sell its stake, but Denmark will keep hold of its own shares.