Fota Wildlife Park may be fined if security of card payments found to be 'inadequate'

Meanwhile, Fota Island Resort, which covers the hotel and golf course, issued a statement to clarify that none of its IT systems have been compromised
Fota Wildlife Park may be fined if security of card payments found to be 'inadequate'

Data Not Protection It And Cummins Attack Picture:: For Park On Is A Now File Being Gb">a Said Contrast="none" Is Xml:lang="en (dpc) Park The

The payment cards industry will likely investigate the cyberattack that brought the website of Fota Wildlife Park to its knees, according to experts, with the possibility of the park being hit with fines for failing to protect people's accounts. 

Cyber security expert Brian Honan said that organisations accepting credit card payments are obliged to adhere to security standards for processing payments, known as Payment Card Industry Data Security Standard (PCIDSS).

“PCIDSS would require you to have the appropriate security controls in place on your site. I would suspect the payment card industry would be looking at this, not just the Data Protection Commission,” Mr Honan said, adding that substantial fines could be applied to the park if the security systems were inadequate.

A spokesperson for Fota Wildlife Park said the park is not in a position to comment on the cyber attack as it is now being investigated by An Garda Síochána and the Data Protection Commission (DPC).

A query as to how many people may have been affected by the breach was not answered.

On Wednesday, park officials wrote to its customers to say that illegal activity had been noticed on its website, and to “strongly recommend” that those customers cancel the credit or debit cards used to make bookings on the site between May 12 and August 27.

Mr Honan said that unless Fota releases more information regarding the cyber attack it is only possible to speculate as to its nature. 

He said that the site is “likely being examined by forensic experts at the moment”, adding that he would speculate that “the time when the site became compromised is in or around the date on the statement”.


He said it is possible that criminals put some sort of code on the site that would monitor all activity, such as usernames, passwords, and credit card details, all of which were potentially being copied.

“There is a very active criminal underground for this kind of activity. They will steal credit card details, and they may not have the infrastructure to make money from them, so instead they will sell those on to other gangs who would then be in a position to exploit them,” Mr Honan said.

He said that those affected may not see any evidence of fraud for some time. 

“It may not be today, it may not be tomorrow, but that doesn’t mean it won’t happen,” he said, adding that “if you’re a customer of Fota Wildlife Park then you should cancel your cards”.

Fota Island Resort

Meanwhile, Fota Island Resort, which covers the hotel and golf course, issued a statement to clarify that none of its IT systems have been compromised. 

"While we work closely with our neighbours at Fota Wildlife Park, we are in fact two completely separate businesses, entirely independent of each other," the statement said.

"We wish to assure all our previous guests that there has been no cyberattack at Fota Island Resort and no customer data has been compromised. 

"This includes any bookings made for the Fota Wildlife Park package on our website, we manage all bookings internally and no credit cards used to purchase this offer have been compromised."

More in this section

Cookie Policy Privacy Policy Brand Safety FAQ Help Contact Us Terms and Conditions

Examiner Group © Limited Echo