- La preocupación por los costes pone en jaque las estrategias de IA de los CIO
- This smart air purifier effectively replaced allergy medicine for me - and it's impressively quiet
- This discounted robot vacuum conquered the toughest room in my home
- I used the Google Pixel Tablet as my smart home display - and here's how it fared
- Samsung Unpacked 2025: Everything you might've missed, Galaxy S25 Edge, AR glasses, more
FlexBooker Reveals Major Customer Data Breach
An online booking software provider has released details of a cloud breach over the festive period, resulting in the theft of millions of customers’ personal details.
FlexBooker offers appointment scheduling software for organizations in healthcare, finance and other sectors to accept bookings on their website.
However, late last week, breach notification site HaveIBeenPwned revealed that 3.7 million customer accounts had been compromised in December. It noted that most (69%) of the info was already in its database, presumably due to previous breaches and details reshared across multiple sites.
FlexBooker released a notice soon after, admitting that its cloud systems were targeted.
“On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,” it said.
“As part of the incident, our system data storage was also accessed and downloaded. In response to the outage, we worked closely with Amazon to restore a backup, and were able to restore operations within 12 hours.”
It’s unclear how the attackers were able to compromise the FlexBooker account and whether human error such as cloud misconfiguration had anything to do with it.
According to FlexBooker, the stolen information included customers’ full names, email addresses and phone numbers. It claimed that no payment card details were compromised, although according to HaveIBeenPwned, “partial credit card data” was taken.
Customer passwords were encrypted, and the encryption key was not accessed or downloaded, FlexBooker added.
It urged victims of the breach to review accounts for any suspicious activity, obtain a credit report, and consider placing a fraud alert on the report, as well as seeking a credit freeze.
Only 3% of breach victims place a credit freeze on their accounts despite it being a far more effective fraud mitigation strategy than credit monitoring.
It prevents lenders from obtaining a credit report about an individual, meaning they can’t open any new lines of credit, nor can fraudsters use stolen identity information.
