The UK's largest automobile association (AA) has admitted that it suffered a data breach after previously telling customers that no data had been compromised. Over 117,000 customer records were stolen, including user ids and passwords, although it is not clear if the passwords have been exposed.
Last week rumours of a potentially serious data breach at UK car insurance company the AA circulated in the security research community. In response, the AA's customer support Twitter account downplayed those fears, and told users that their data remained secure. However, an exposed server contained sensitive information on over 100,000 AA customers, in many cases including partial credit card data, according to a database obtained by Motherboard. Judging by interviews with victims, the AA never directly informed affected customers either, even though the company says it knew about the breach in April.