Cyber Incident Victim: Fota Wildlife Park

Fota Wildlife Park in Cork experienced a cybersecurity incident involving unauthorized access to its website, first publicly disclosed on August 28, 2024. The park notified customers via email that financial information, including credit or debit card details, may have been compromised for transactions processed through its website between May 12, 2024, and August 27, 2024. User account credentials—specifically usernames, passwords, and associated email addresses—were also potentially accessed during this period. The park detected illegal cyber activity on its website prior to the announcement, immediately activating its incident response plan upon discovery. Internal investigations were initiated alongside containment measures to secure the compromised systems, including disabling all user account access to the website. Forensic cybersecurity experts were engaged to assist with the investigation, though the specific attack vector or perpetrator remained undisclosed.

The park advised affected customers to cancel payment cards used on its website during the exposure window and monitor bank statements for suspicious activity since May 12, 2024. Customers reusing passwords across other accounts were urged to change them as a precaution. Fota Wildlife Park formally reported the breach to Ireland’s Data Protection Commission and collaborated with An Garda Síochána. While the website remained offline during the investigation, the physical park continued normal operations, with tickets available for purchase at entry gates. Fota Island Resort, a separate business entity, clarified it was unaffected by the incident and confirmed no compromise of its customer data or wildlife park package bookings. Visitor attendance appeared unaffected based on anecdotal reports from patrons during the initial disclosure period.