Online bank Revolut has begun offering “goodwill” payments to its customers impacted by the recent cyberattack on the website of Cork’s Fota Wildlife Park, without admitting liability.
The institution has made a number of increasing offers to those affected via the financial ombudsman, with those accepting the offer also agreeing to keep details of the settlement confidential.
The offers are for lesser amounts than the money removed from the victims’ accounts following the hack, and are made as “goodwill” gestures of between 60% and 80% of what was taken “while admitting no liability for the disputed transactions”.
One victim told the Irish Examiner that pushing the matter to the next level of mediation makes little sense as to do so would require official depositions, which would take “an inordinate amount of time”.
The cyberattack, which occurred in late August, saw the wildlife park’s website taken offline together with its online ticketing system.
The park subsequently informed all customers who paid for tickets online between May and August to protect their bank accounts and to cancel any cards used on the Fota website.
Investigations were subsequently instigated by both An Garda Síochána and the Data Protection Commission, probes which remain ongoing, Fota said in a statement.
“There is no further update to share,” a spokesperson said.
Revolut declined to comment directly on the matter.
However, a company source said there was no evidence of widespread financial crime directly related to the Fota incident, and that all Irish banks would have been equally affected by what had happened.
A spokesperson for AIB said that in the case of the Fota hack “where a customer was a victim of fraud, we dealt sympathetically with them on a case-by-case basis”.
Bank of Ireland meanwhile said that it hadn’t “observed any uptick in card fraud following data breaches in recent months but we continue to support our customers with 24/7 fraud telephone support”.
Fota has yet to acknowledge how many of its customers were affected by the cyber attack. It said it had contacted all customers affected by the cyberattack within three days of the initial breach being reported.
The park said that in the wake of the attack, its incident response plan was instigated once evidence of illegal cyber activity on its site was notified.
A lecturer in business information systems at University College Cork, Dr Simon Woodworth, who had visited Fota Wildlife Park during the period in question, said that having inspected the source code of Fota’s website, it appeared to have been constructed initially on the Wordpress web platform, which if not kept up to date “could lead to a vulnerability”.
He said of the criminals in question: “If they were clever, they could have been sitting there quietly and gathering data for some time before acting on it.”