Fota Wildlife Park in East Cork has issued an urgent warning following a major cyberattack on its website, potentially compromising thousands of customers' personal and financial details. The park advises those who made transactions on its website between May 12 and August 27, 2024, to cancel their debit or credit cards as a precaution.
The cyberattack was discovered on August 27, prompting Fota Wildlife Park to swiftly engage external forensic cybersecurity experts to investigate the breach. The park has also reported the incident to the Data Protection Commission (DPC) and An Garda Síochána, Ireland’s national police service, as part of its response.
Initial investigations revealed that the attackers may have accessed the usernames, passwords, and email addresses of users with accounts on the website.
There are also concerns that full credit card details may have been compromised, leading to the strong recommendation for customers to cancel their cards and closely monitor their bank statements for any unusual activity.
Paul C. Dwyer, President of the International Cyber Threat Task Force, indicated that the attack may have involved a "man-in-the-middle" strategy, where criminals intercepted data as it was entered on the website. This could have enabled them to collect complete credit card details, which might be sold on the dark web.
The park has taken its website offline to prevent further damage while working to secure its systems. Despite the breach, Fota Wildlife Park remains open to visitors, with tickets available for purchase at the entrance.
In a statement, Fota Wildlife Park assured customers that it is treating the situation with the utmost seriousness and has made protecting their personal and financial information a top priority.
The park is in the process of contacting all customers who may have been affected.
Meanwhile, Fota Island Resort, a nearby hotel and golf destination, clarified that it is a completely separate business from Fota Wildlife Park and was not impacted by the cyberattack.
The DPC has confirmed that an investigation is underway amid concerns that the breach could lead to targeted phishing attacks and other cyber threats.