The personal and financial data of tens of thousands of people may have been compromised following a cyber attack on Fota Wildlife Park. 

Customers who bought tickets on the Cork-based park’s website have been told to cancel debit or credit cards following the cyber attack and urged to review transactions on their accounts since May 12th for any suspicious activity.

Those registered with the site have also been told usernames, passwords and email addresses linked to the account may have been compromised, and they have been urged to change any passwords on other accounts.

More than 400,000 people visit the wildlife park each year with most going during the summer months, meaning that tens of thousands of credit and debit card details may now be in the hands of criminals.

In an email to customers, the park said that there is a risk that their financial information may be compromised for anyone who carried out a transaction on its website between the dates of 12 May 2024 and 27 August 2024

“We strongly recommend that you cancel the credit or debit card that has been used to make payments on the Fota Wildlife Park website,” the Fota Wildlife Park said in an email to customers.

“If you use the same password for other accounts, [we recommend] that you also change your password on those accounts.”

Fota Wildlife Park website pushed offline

The cyber attack took the Forta Wildlife Park’s website offline on Wednesday night, leaving customers unable to buy tickets online and being forced to buy and collect tickets at the on-site kiosks as it opened this morning. 

The park stressed in a statement that it was doing everything possible to analyse precisely what caused the security breach and how it put appropriate measures in place to prevent further breaches. 

It has removed all access to its user accounts on the website and has engaged external forensic cybersecurity experts who are investigating the incident.

In a statement, it said it has notified the Data Protection Commission (DPC) about the breach and that it is working with An Garda Síochána.

“On becoming aware of this activity, we took immediate steps to investigate and identify what information had been accessed on our website in order to carry out containment measures,” an email sent to impacted customers said.

"The organisation's incident response plan was immediately activated, an internal investigation was instigated and appropriate measures were taken to secure the organisation’s website," Fota advised.

The park added that it is in the process of contacting all potentially impacted customers. In the meantime, Fota Wildlife Park’s day-to-day operations continue as normal. 

Fota Island resort not impacted

While it works closely with Fota Wildlife Park, the Fota Island Resort clarified this morning that it has not been affected by yesterday's cyber attack.

The five-star hotel and golf destination said it is a "completely separate business" from the wildlife park and that the two companies are "entirely independent of each other."

The resort does offer packages which include bookings for the Wildlife Park, however, it confirmed that "we manage all bookings internally and no credit cards used to purchase this offer have been compromised."

"While we work closely with our neighbours at Fota Wildlife Park, we are in fact two completely separate businesses entirely independent of each other," Fota Island Resort said in a statement. 

"We wish to assure all our previous guests that there has been no cyberattack at Fota Island Resort and no customer data has been compromised," the resort added.