Inspiring Vacations unprotected database leaks data of 112k travelers

Melbourne-based travel agency Inspiring Vacations has caused a significant data leak affecting approximately 112,000 travelers, predominantly Australian citizens, with customers from New Zealand, Britain, and Ireland also impacted.

The leak is caused by a non-password protected database being unintentionally exposed online, comprising about 112,000 records totaling 26.8 gigabytes. The leaked data included highly sensitive information such as:

• high-resolution passport images,
• travel visa certificates,
• travel itineraries,
• e-ticket PDF documents,
• partial credit card numbers.
• CVs with full names, addresses, phone numbers, and email addresses

The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported it to Inspiring Vacations and relevant authorities. The potential misuse of the exposed data includes identity theft, fraudulent activities, and other illegal uses. For example, passport data could be used to open accounts or apply for credit cards, and CV information could be exploited for phishing scams or fake job opportunities.

Inspiring Vacations, acknowledged the breach, secured the database and commenced an investigation. They notified the Office of the Information Commissioner and the Australian Cyber Security Centre. The company has also informed its staff and customers about the incident. It remains unclear how long the database was exposed and whether hackers accessed the information.

Update - on the 10th of January Inspiring Vacations has stated that the number of individuals affected by a recent data breach is much lower than initially reported. Yet, they haven't disclosed their assessed number nor the argument for the discrepancy.