The breach they say was identified when unusual activity was detected on the FOTA website. Steps were taken to investigate and contain the breach, including taking the website offline and engaging external forensic cybersecurity experts¹. They confirm that the park's incident response plan was activated, and an internal investigation was launched to determine the extent of the data compromised⁴.
This type of attack often involves methods such as:
Customers who made online transactions during the specified period were advised to cancel their credit or debit cards and monitor their bank statements for any suspicious activity¹³. The park indicated that the breach affected online transactions made through the FOTA website but not in-person purchases² at the park's ticket office.
It is certain that in addition to financial data other personal and confidential information was also exposed, such as login id, password, email, home address, telephone numbers etc... so it is also advisable to change all passwords and be hyper aware of phishing attacks across mobile, social and email.
Notice on relaunched website
Email issued by Fota Wildlife park to customers
Dear Customer,
We are writing to let you know that we recently became aware of some illegal activity on our website.
On becoming aware of this activity, we took immediate steps to investigate and identify what information had been accessed on our website in order to carry out containment measures. One of the steps that we have taken is to remove all access to the user accounts on the website. We have also engaged external forensic cyber security experts who are investigating the incident on our behalf.
From our investigation, you should be aware of the following:
- If you have a user account on the Fota Website, the username, password and email address linked to that account may have been accessed.
- If you carried out a transaction on our website between the dates of 12 May 2024 – 27 August 2024, there is a risk that your financial information may be compromised. This relates to the credit / debit card details you used to carry out the transaction on our website.
We strongly recommend that you take the following actions to protect your financial information:
- Cancel the credit / debit card (s) that have been used to make payments on the Fota Wildlife Park website.
- Review your relevant bank account and credit card statements since 12 May 2024, to identify potential suspicious activity which may indicate that your account has been compromised.
- If you identify any suspicious or unusual activity on your account, please contact your financial institution for further advice.
- If you use the same password for other accounts, that you also change your password on those accounts.
We understand that this may be of significant concern to you. We would like to assure you that we take our responsibility to protect your personal and financial information seriously and have given this matter the utmost priority. We can confirm that the incident has been notified to the Data Protection Commission (DPC) and we are and will cooperate fully with their investigation into the matter. We are also liaising and working with An Garda Siochána.
If you have any queries in relation to this, please email them to: contact@fotawildlife.ie.
Yours sincerely,
The Fota Wildlife Park team
References
(1) Fota Wildlife Park issues warning to customers after being hit by cyber .... https://www.thejournal.ie/fota-wildlife-park-cyber-attack-6473969-Aug2024/.
(2) Fota Wildlife Park: How To Protect Yourself After Data Breach. https://thecyberexpress.com/fota-wildlife-park-confirms-cyberattack/.
(3) ALERT: Fota Wildlife Park warns visitors to cancel bank cards following .... https://www.limerickleader.ie/news/national-news/1590949/alert-fota-wildlife-park-warns-visitors-to-cancel-bank-cards-following-cyber-attack.html.
(4) Fota Wildlife Park customers urged to cancel credit cards after .... https://www.breakingnews.ie/ireland/fota-wildlife-park-customers-urged-to-cancel-credit-cards-after-cyberattack-1666369.html.
(5) Fota Park hit by cyberattack and customer credit cards exposed. https://www.siliconrepublic.com/enterprise/fota-wildlife-park-cyberattack-credit-cards-breach.
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more