AA Password Reset Email Causes Data Breach Panic

British motoring association the AA caused panic among its members on Monday when it accidentally sent out a password reset email, leading many to presume incorrectly that the firm had been breached.

The problem was made worse when the Automobile Association’s web infrastructure apparently buckled as a rush of users made to change their passwords, leaving them locked out of their profiles and suspecting the worst.

The incident played out on Twitter, with the AA’s social media team for some reason failing to inform customers that the reason their accounts were not accessible was simply because servers were overloaded.

They were also told not to ring the number on the original email, but not why, leading some to speculate it was a fake contact manned by fraudsters.

This communication breakdown appears to have exacerbated user anger and confusion and could be seen as a cautionary tale on what can happen when crisis comms aren’t managed effectively.

A mea culpa on the AA site claimed the firm “sent an email in error about passwords being changed”:

“Some Members and customers have received an email from the following address – email@info.theaa.com, incorrectly stating their password had been changed.

"This email was sent by us in error. We would like to reassure everyone that passwords have NOT been changed and personal data remains secure. We’re sorry for any confusion.

"Please bear with us as this has generated an unusually high number of login requests that are slowing down our system. If you don’t need to log on urgently, we recommend you try again later. We apologise for any inconvenience.”

If anything, the incident has shown just how prevalent data breaches are today, that countless AA customers immediately assumed the worst when the first email was sent out.

What’s Hot on Infosecurity Magazine?