Think W3’s site, Essential Travel, which is a major UK travel affiliate site and publisher, has been slapped with a £150,000 (about $200k) fine from the Information Commissioner’s Office (ICO). The fine was in response to a major data breach which occurred late in 2012.
The ICO has reported that a hacker took advantage of Think W3’s poor security and got ahold of about 1.1 million credit and debit cards.
While a $200,000 fine may be fairly small when compared with some of the fines being filed against companies like Google, it is actually quite significant. This is a big reminder to all affiliate publishers out there that they can be held financially responsible if they don’t take proper precautions to keep their customer’s data safe.
While this case was related to credit cards, the fact is that people can be held liable for any type of online theft if they aren’t keeping up with the standard security precautions. This is why you need to protect any data you collect from your customers or clients, even if it is just your email list.
According to the case, the company had not deleted any customer credit card information since 2006. In addition, they had not done any security checks or evaluations on their systems since it was originally installed.
While no company can be expected to be 100% safe from all attacks, this is clearly an example of negligence on the part of Think W3.
Since the breach occurred, Think W3 has been sold to the UK-based hotel booking company, Holiday Extras. According to a statement, the previous owner of Think W3 did pay the ICO penalty since it was their responsibility at the time.
