Sunweb Announced this week that Victims of Phishing emails, Sent in the name of the Travel Organization, Should not Expect Compensation. This is despite the fact that hackers gained access to varous contact details via Sunweb. The Travel Organization Cannot Simply Shug Off The Responsibility.
Since the End of September, Several Sunweb Customers Have Received An Email Requesting Them to Make A Payment, With the Warning That Their Trip would come upwise Be Canceled. The Messages Turned Out to Be From Cybercriminals Who Stolen Personal Data From The Travel Organization by Infiltrating Their Systems.
An unclear number of customs have fallen victim to the so-called phishing, it emerged on Monday. Several Customers have also expressed that they are afraid of burglars when they are on vacation. The Netherlands-Based Travel Organization Calls The Hack A “Terrible Incident” But Says It Will Not Offer Any Compensation. The only Question is Whether they will get away with it so Easily.
“If you Become a Customer, Especary Within A Digital Environment, You Can Expect Your Data To Be Sufficiently Guaranteed,” Emphasizes Taino Lourents, A Lawyer At Legal Assistance Insurer Das. “The moment third parties gain access to systems, sunweb has a responsibility. It is short-sighted to say after a data breach: We are not going to pay anything.”
The Lawyer Refers to Article 82 of the General Data Protection Regulation (GDPR), which States that People May Claim Both Material and Immaterial Damage From the Organization That Processes Their Data As Soon A Data Breach Occurs. “But the consumer must be able to demonstrate that he has made a payment as a results of the data breach.”
‘Technical Protection is an obligation’
As soon as you can demonstrate a link between the phishing email and the data breach at sunweb, sunweb has a problem defending itself against it, says lourents. “If a fake sunweb email uses information that the organization has received from you, I can well imagine that you can convince a judge.”
Sunweb Acknowled Earlier This Week That Hackers had Entered Their Systems and Warned Customers About Phishing Emails in The Same Message. “Sunweb has an obligation to inform its customs about this,” Says Lourents. But Warning Customers Certainly Does Not Cover Them Against Liability. “It was not discovered and made known on the same day. Everything was wrong in that intervening period.”
Accordance to Lourents, Sunweb is Responsible for a Thorough Application of the GDPR. “You cannot say: we collect that data and if it goes well, the customer benefits from it, and if it goes wrong, that customer is unlucky. They have a range of obligations, and technical protection is a large part of that.”
Stolen Data Made Phishing Email More Convincing
The Travel Organization Reports That Hackers Have Stolen Contact Details, Including Email Addresses, Telephone Numbers and Travel Information. By also incorporating this data into the phishing emails, the Messages Came across as Extra Convincing. CyberSecurity Expert Gert-Jan de Boer Warns that phishing emails are Becoming Increasingly Realistic Anyway.
“With the advent of programs like chatgpt, you are less likely to see that such emails come from abroad, because there are no more spelling fogakes in Them,” He says. “It is Becoming More Difficult for Every consumer to see What the Difference is between a real email and a phishing email.”
Yet There Are Still Clever Tricks to Check Whether An Email is from the Correct Sender. “For Example, Hackers Cannot Simply Send An Email from the Sunweb Domain,” He explains. Sunweb Emphasizes on its website which Domain Names Belong to the Travel Organization. “At the same time, that Doesn’t Say Everything,” De Boer Nuances. “Many organizations use mailing lists or external providers that Send advertisements and the like on their.”
Many people also read their emails on their phone. It is more diffress to see at a glance which domain a message comes from. “What you can pay Attention to be Whether the email has a Coercive tone,” Continues de Boer. “It is Unusual for An Organization to Ask You To Transfer Money Directly, With the Threat That Your Trip Will Otherwise Be Cancelled.”
Do not store data together
Sunweb Says That Following the Hack, The Company Has Improved the Security of Its Systems, But It is not Known to What Extent That Security was inadequate Before. Accordance to de Boer, The Data Could also Have Been Stolen from a Supplier of the Company. The Organization Has Now Reported the Data Breach to the Dutch Data Protection Authority, which will Investigate It Further.
“In Any Case, Companies Must Ensure That Certain Data Is Encrypted or Not Stored Together,” Says Lourents. As a result, Hackers Cannot Easily Obtain Complete Customer Data In The Event of A Break-in to Create Convincing Phishing Emails. “Can Sunweb Maintain with this outcome that the security was in order? I miracle.”