Iranian hackers recently hacked into a number of popular Israeli travel booking sites, managing to obtain the personal information of more than 300,000 Israelis.
The incident happened two weeks ago and was confirmed by the Israel Privacy Authority on Thursday evening.
The attack affected websites operated by Gol Tours LTD, a tourism company that owns more than 20 travel booking websites.
The leaked information includes phone numbers, addresses, booked vacation dates and locations, and sensitive medical information, the authority said in a statement.
The affected websites would be: hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael. co. il, ortal.net, come2israel.co.il and come2israel.com.
The Privacy Authority says it immediately contacted the owner of Gol Tours LTD after the hack, in a bid to address security loopholes the hackers took advantage of, but were met with a denial to cooperate.
“The required changes have not been made,” the authority said, noting that it had launched an investigation into the incident.
The authority also claimed, according to a Channel 12 news report, that the owner of Gol Tours LTD refused to address the security flaws as it would cost him money to do so.
The report adds that the owner also ignored instructions provided by Israel’s National Cybersecurity Directorate following the hack, intended to help the company strengthen its security and prevent additional information from being leaked to hackers. .
In an unprecedented move in Israel, law enforcement officials raided the company’s offices on Thursday and seized its servers until an investigation was completed.
“In the event of an immediate failure to report a serious security breach and failure to cooperate in accordance with the guidelines, the authority will take decisive action to protect the personal information of the public, including the effective cessation of operations of the l ‘company,” the Privacy Authority said in a statement.
The authority said it hopes the unusual step taken in this case serves as a warning to other website owners who may consider not reporting security flaws in the future.
Responding to the allegations, the owner of Gol Tours LTD dismissed the allegations and said that the authority treated him worse than Iranian hackers ever did.
“I never said I wouldn’t upgrade [the company’s online security measures] because it would cost me money, never,” he told Channel 12.
“The Iranians only took names and phone numbers from our site. We do not store credit card numbers in our system. The authority had sent us a defective document and did not respond to our messages,” he explained.
“We have one of the best security companies in the country,” he continued, “Those who hacked into our websites are the same ones who hacked into hospitals. We know how to handle them, but we wouldn’t have never imagined that we would be hurt more by Israel than by the Iranians.
הרשות להגנת הפרטיות תפסה הבוקר, בצו בימ״ש שרת שרת של של חברת ג גול טורס שבעליה מפעיל אתרי ever https://t.co/1ONFMEX9bx.
הרשות השביתה את האתרים בבעלות בעלי החברה. החקירה בעיצומה והשרתים נבדקים במסגרתה.
(התמונה מהתפיסה של השרתים)
– Ram Levi ⚜️ (@ramlevi) June 30, 2022
The incident comes weeks after Israeli communications companies were instructed to step up cybersecurity, as the government launched a new initiative to protect the country from online attacks amid a rise in hacks targeting people. Israeli websites.
As part of the reform, major Israeli communications companies are required to implement detailed plans to identify and prevent future cyberattacks targeting communications networks. Companies must now adhere to unified standards.
Numerous alleged Iranian cyberattacks against Israel have been reported in recent years.
In April, a group of pro-Iranian hackers claimed responsibility for a DDoS cyberattack that temporarily blocked the Israel Airports Authority website.
Last year, a ransomware cyberattack targeted Hillel Yaffe Medical Center in Hadera, completely shutting down its computer system. Days later, the National Cybersecurity Directorate said it had foiled a wave of attempted cyberattacks targeting other Israeli hospitals and health centers.
In 2020, various Israeli websites targeted by Iranian hackers as part of Iran’s Quds Day released video simulating bombed Israeli cities and messages threatening the destruction of the Jewish state.
According to data released by cybersecurity firm VirusTotal in October last year, Israel was the country most affected by ransomware between January 2020 and October 2021.