Fota Wildlife Park cyberattack: Criminals tried to empty customer's bank account

Cork man discovered two unauthorised transactions on his Revolut account, processed within seconds of each other for €600, with the first, for €280, successful

Fota Wildlife Park 'strongly recommended' customers cancel the relevant credit cards immediately, and to search their bank accounts for evidence of fraudulent transactions. Picture: Denis Minihane

A customer of Fota Wildlife Park has described how cybercriminals attempted to empty his bank account after he booked online tickets to the park last month.

The wildlife park has been hit by a massive cyberattack that has put the bank accounts of customers at risk. 

Cork physiotherapist Bryan Jacob purchased tickets on the Fota website on July 29.

On August 20, he discovered two unauthorised transactions on his Revolut account, processed within seconds of each other for €600. The first transaction, for €280, was successful.

The second failed as it totalled more than was left in the account. 

The charges were made in Vairano Patenora, Italy — a location he had never visited.

Mr Jacob has yet to recover the money removed using his details, as neither Revolut nor Google Pay, whose platform was used to purchase the Fota tickets, has accepted responsibility for the loss to date.

"I believe it is crucial to raise awareness about this issue, as other individuals may also have been impacted by this breach and subsequent unauthorised transactions."

Mr Jacob was one of many Fota customers who were contacted by the park on Wednesday informing them their personal payment details may have been breached following a cyber attack on the website between May 12 and August 27.

Fota Wildlife Park “strongly recommended” customers cancel the relevant credit cards immediately, and to search their bank accounts for evidence of fraudulent transactions.

Website 'antiquated and dated'

Asked how he found his interaction with the Fota website, Mr Jacob said he found it to be “quite antiquated and dated”.

“Even the email confirmation you received after purchasing tickets appeared very dated,” he said.

Fota Wildlife Park remains open for business but only tickets bought physically at its kiosks are currently being accepted. File picture

Fota Wildlife Park’s website remained inaccessible as of Thursday afternoon, with a placeholder site message expressing the park’s apologies “for any inconvenience this may cause”.

The park remains open for business but only tickets bought physically at its kiosks are currently being accepted.

Fota said its incident response plan was instigated once evidence of illegal cyber activity on its site was notified.

A spokesperson for the Data Protection Commission confirmed a data breach notification had been received from the wildlife park and is currently being investigated.

Mr Jacob said following the fraudulent transactions on his own account, which he suspects may be linked to the Fota cyberattack, he is “deeply concerned about the broader implications for other consumers who may have been affected”.

He said after four days of discussions with Revolut and Google Pay, it became clear “neither party was willing to offer a refund”. He added he had now referred the matter to the Financial Services Ombudsman.

Neither Revolut nor Google Pay replied to a request for comment.

A spokesperson for Bank of Ireland said its customers affected by the Fota breach should contact its customer service team to cancel their card and arrange a new one.

Meanwhile, Dr Simon Woodworth, a lecturer in business information systems at UCC who had visited Fota Wildlife Park during the period in question and received the cyberattack warning email from park officials, said that, having inspected the source code of Fota’s website, it appeared to have been constructed initially on the WordPress web platform.

“The problem with WordPress is it has a lot of plug-ins, and if you don’t keep them up to date it could lead to a vulnerability,” he said.

He said from a cursory inspection of the site, it appeared to be using an encryption standard, TLS version 1, which has been effectively obsolete since 2018. 

Dr Woodworth said of the criminals in question: "If they were clever, they could have been sitting there quietly and gathering data for some time before acting on it."
