Breach, Threat Management, Data Security

Thomson data breach exposes hundreds of customer details

A data protection breach at travel company Thomson has exposed personal details of many passengers. The home addresses, telephone numbers and flight dates were revealed for nearly 500 travelers in the UK.

An email cited by the BBC shows that the details of 458 people were shared on 15 August. Some of those affected have shown anger at the company's handling of this incident. Thomson has apologized for the episode, and called it a “genuine error”, however it advised customers that they would not receive any compensation.

Some customers have been left to ponder whether they should cancel their holiday. One holidaymaker, Karen James from Cornwall who booked flights to Lanzarote told the BBC, “My biggest fear is that this list will be sold to someone, because the wrong person could have a field day with this information. How can we relax on holiday knowing that five hundred people have my address and know when we are going to be away?”

James commented that she and her partner were burgled when they went on holiday a few years ago. She is considering cancelling their holiday since she is unable to change the dates. 

Another customer in Cornwall, who chose to remain anonymous, was first made aware of the breach when contacted by the BBC. She is angry that Thomson failed to advise her that her details were in the public domain. She is also considering cancelling her holiday.

Jason Hart, VP and CTO, data protection, Gemalto, comments: “Data breaches are not just breaches of security.  They are also breaches of trust between companies and their customers.  As consumers become more aware of the risk of their data being compromised in the hands of trusted brands, they're likely to become more cautious about what data they share and demand more transparency from the companies whose products and services they buy. 

A statement from Thomson said, “We are aware of an email that was sent in error, which shared a small number of customers' information. The error was identified very quickly and the email was recalled, which was successful in a significant number of cases. We are urgently investigating the matter to ensure this situation will not be repeated.”

Tony Pepper, CEO for Egress, comments, “Encryption solutions are available that enable greater control over communications: not only reducing the chances of information being shared in error, but also enabling users to revoke access to email messages and attachments in real time in a ‘worst case' scenario such as this. Mistakes happen, it's a fact of life. Yet organisations need to ensure they give employees the right tools to work securely, while also providing a safety net should they make a mistake.” 

This story originally appeared on

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.