UK car insurance and driving school giant The AA has at last admitted it accidentally spilled its customers' personal information all over the web.
In an astonishing U-turn, the motoring biz confessed on Friday that people's names, postal addresses, phone numbers, and email addresses were exposed to the internet – and, in some cases, hashed account passwords and partial payment card numbers. This affects those who have shopped online for car equipment and other gear at AA.com.
The admission comes after it emailed folks at the end of June telling them it had reset their passwords: soon after it said it hadn't, and blamed the mass alert on an IT blunder while insisting that customer "data remains secure."
Then it emerged this week that AA.com account records plus expiry dates and the final four digits of some payment cards had been accidentally made accessible to the public in a 13GB database backup on The AA's website. Roughly 120,000 accounts were in the bundle, including shoppers' IP addresses and lists of stuff purchased.