Following the hack of several Israeli travel booking websites by an Iranian actor and the lack of response from the affected company, Israel’s Privacy Protection Authority took over the company’s servers.
One of the most critical actions after a data breach is to analyze the incident, figure out what happened and fix the vulnerabilities. After Iranian hackers compromised multiple websites belonging to Gol Tours LTD, the company refused to take the necessary measures to patch the system, citing the costs.
According to a Times of Israel report, the affected websites include hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael.co.il, ortal.net, come2israel.co.il and come2israel.com.
The Israeli Privacy Protection Authority immediately contacted Gol Tours LTD and tried to determine how the hackers got in. The authorities were met with a refusal to cooperate. But there seems to be more to this story.
In a Channel 12 interview, the owner said he never said that it would be too expensive to upgrade and secure the systems and that the hackers only took the names and phone numbers of the users. The hack affected around 300,000 Israelis, and the authorities said addresses, dates and locations of booked vacations, and sensitive medical information were also stolen.
“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations,” the Privacy Protection Authority said in a statement.
The authorities used the punitive measure of taking over the servers, as an example of what would happen when you don’t cooperate with dedicated agencies.