Skip to Main Content

AA Data Breach Exposes Details Of Over 100,000 Customers


Names, Email Addresses and Partial Credit Card Information Are Among The Details Stolen In April - Affected Customers Were Not Told

Email addresses, names and credit card details are among the exposed details. Affected customers have not been told.

A breach at UK car insurance company, the AA, has exposed information on more than 100,000 customers, including names, email addresses and partial credit card details, according to security researchers.

The company said a 'server misconfiguration' was responsible for the information being openly available on the web for a few days in April of this year.

The AA have been criticized for its handling of the incident: After claiming no sensitive information was included in the exposed cache, the company was called to task when security researcher Troy Hunt said he found 117,000 unique email addresses, names and partial credit card info among the details.

The company never notified its affected customers, he added.

AA president Edmund King said the contractor which the company uses to run its website identified the vulnerability and resolved the issue in two days. He also said that the information was accessed “a few times,” but that AA made the determination that no sensitive information was revealed after doing random sampling - hence no customer notification.

Top Tips
As a precaution, it is recommended that AA customers consider the following;

  • Change the password for your online AA account, as well as any other accounts which share the same password.
  • Be aware of links and attachments in unsolicited emails. If you receive an email from AA, do not click on anything in the email. Instead, log in to your AA account via your web browser. 
  • Remain vigilant of any suspicious activity happening to your bank account if it is linked to AA.