Security News > 2021 > November > Boat biz breaches itself: Brittany Ferries 'fesses up to leaks caused by routine website update

Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "Routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address.

The operator, which runs ships from the UK to ports in Spain and France, contacted punters on Tuesday with the bad news about a "Breach to our data that might have an impact on your My Account with Brittany Ferries."

"In spite of our cyber vigilance and rigorous security checks, I'm sorry to confirm your account's protection settings were unintentionally changed between October 21st and November 2nd of this year," said Anne Laure Fabre, data protection officer at Brittany Ferries.

A spokesperson at Brittany Ferries told The Reg a test procedure was omitted from the update process.

One customer caught up in the breach told us he was "Disappointed" that his passport data, which may be used to forge his identity, could have been accessed by unauthorised sorts, but that Brittany Ferries "Don't seem to be able to say whether it's actually happened. Whatever happened to logging requests?".

"A spokesperson at the ICO told us the breach had yet to be reported to it by Brittany Ferries:"Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people's rights and freedoms.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/10/brittany_ferries/