Teletext data breach exposes risk of cloud storage usage

It was announced last week that Teletext, the trading name for package holiday firm Truly Travel, had risked customers’ personal data following the discovery that 212,000 customer call recordings had been left on an unprotected server for three years*.

The recordings took place between April and August 2016 with many including details of holiday bookings exposing postal and email addresses, phone numbers and customers’ dates of birth.

Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “This latest breach exposes the risk of using cloud storage without ensuring that the information is held securely. Cloud services are not secured by default and this may prove a significant risk to businesses who may be unaware of this.

“It has been reported that the audio files were unsecured for a three year period exposing Teletext customers to potential identify theft and other fraudulent activity over a lengthy period. Any private data held by a company, regardless of the format of that information, needs to be stored, processed and shared securely – this includes any historic archived files that can easily be forgotten.

“Companies are starting to be more savvy about data protection post GDPR however, historic practices may leave them vulnerable to potentially hefty fines and compensation claims.”

Hayes Connor Solicitors was recently appointed as data protection supplier to the Communication Workers Union. The firm is currently acting for thousands of customers with data breach action against Ticketmaster, Equifax, Marriott International, TeamSport, Dixons Carphone and the Police Federation of England and Wales.