Published on: July 6, 2022
Israel’s Privacy Protection Authority took over the servers of an Israeli company after it failed to respond to several of its traveling booking websites being hacked by an Iranian threat actor.
After Iranian hackers compromised multiple websites belonging to Gol Tours LTD, the company refused to patch the system, citing high costs.
According to a report by the Times of Israel last week, the impacted websites include hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael.co.il, ortal.net, come2israel.co.il and come2israel.com.
The Israeli Privacy Protection Authority immediately contacted Gol Tours LTD and attempted to determine how the hackers breached their servers. The authorities were met with a refusal to cooperate by the company.
However, in a Channel 12 interview, the owner of Gol Tours LTD said he never said that it would be too expensive to upgrade and secure the systems and that the hackers only stole the names and phone numbers of users. The hack impacted around 300,000 Israelis, and authorities said that addresses, dates, and locations of booked vacations were also taken, along with sensitive medical information.
“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations,” the Privacy Protection Authority said in a statement.
The Isareli authorities decided to take over the company’s servers as punishment for not cooperating with dedicated government agencies.