Cyber Incident Victim: Planet Ice

On or around January 24, 2023, Planet Ice, a UK-based operator of 14 ice rinks across locations including Bristol, Leeds, and the West Midlands, publicly disclosed a data security incident affecting customer information. The breach involved unauthorized access to personal data belonging to approximately 200,000 customers. According to the company’s notification email to affected individuals, the compromised information included non-financial details such as names, addresses, and passwords used for Planet Ice accounts. Planet Ice clarified that financial data remained secure because payment processing was handled externally by Worldpay systems, which were not implicated in the breach. The incident stemmed from a security failure at IMP-UK, a third-party provider of event services to Planet Ice, where attackers unlawfully accessed or acquired customer data stored by the vendor.

The breach exposed customers to potential fraud risks through the theft of identifiable personal information and account credentials. Planet Ice confirmed the data had been secured following the incident but did not specify the exact timeframe of unauthorized access or the methods used by the attackers. In its public statement, the company apologized for the inconvenience and emphasized that no financial records were compromised. The disclosure highlighted Planet Ice’s reliance on third-party vendors for critical operations, with IMP-UK’s systems serving as the intrusion point. No further technical details about containment measures, forensic investigations, or regulatory notifications were provided in the public announcement. The Bristol location, opened in October 2021, was among the affected venues.