Planet Ice Data Breach
Planet Ice UK Ice Skating Venues & Youth Programs Breach (2023): 240K Family Records Including Children's DOB, Home Address & Passwords Exposed
Planet Ice operates ice skating rinks and youth-oriented programs across the UK. Systems include booking, membership management, and event participation, often involving minors and families.
Risk Interpretation
High sensitivity because youth participation may be involved. Exposure enables phishing, membership fraud, family-targeted scams, and identity linkage around children’s activities and schedules.
Impact & Downstream Threats
The 2023 incident produced limited direct financial cost to Planet Ice but generated meaningful reputational and operational disruption. The "Ice Account" booking platform was taken offline during containment, interrupting ticket and party bookings during peak season. Customer trust took a noticeable hit, particularly among parents whose children's data had been exposed. Planet Ice notified the Information Commissioner's Office and engaged external incident-response specialists. There is no publ
- Credential stuffing against reused passwords across other platforms
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Planet Ice, a UK-based operator of about fourteen public ice-skating rinks, suffered a data breach disclosed in late January 2023. The incident affected the company's "Ice Account" booking platform and exposed records for approximately 240,000 customers. Planet Ice attributed the unauthorized access to its event-services provider, IMP-UK. Financial information was not affected because payment processing was handled separately by Worldpay.\n\nThe exposed data covered email addresses, physical addresses, phone numbers, gender, dates of birth, and passwords stored as weak MD5 hashes. The dataset also included names, dates of birth, and gender for children who had attended birthday parties at Planet Ice rinks, recorded as part of the booking system. Parents and guardians who booked these events were the primary account holders and the parties most likely to have used the platform's password.\n\nBecause the breach exposed minors' personal details combined with home addresses and parent contact information, the practical risk profile is materially more sensitive than a standard customer-list leak. The combination of a child's full name, date of birth, and home address, paired with a parent's email and phone number, creates a base for targeted contact and impersonation attempts that reference specific children and family activities. Parents whose children's details may have been exposed should rotate any reused passwords, treat any unsolicited contact referencing skating activities or party bookings with caution, and consider monitoring for unusual contact aimed at the child's name.
About Planet Ice
Planet Ice is a U.K.-based operator of public ice-skating rinks and venue services. The company runs roughly fourteen rinks across the United Kingdom, hosting public skating sessions, ice-hockey leagues, learn-to-skate programs, children's parties, and venue events. Its customer base is heavily family-oriented, with parents and guardians booking sessions, parties, and lessons on behalf of children. The company's customer-account platform was branded "Ice Account" and was operated alongside event-management services from a related provider, IMP-UK. Payment processing was handled separately by Worldpay.
Why They Hold Your Data
Membership and youth-program organizations collect participant identity, contact details, payment records, event enrollments, membership status, and parent or guardian information across venue and program operations.
Recent Developments
Planet Ice continues to operate its rinks following the 2023 incident and has not been publicly tied to further significant breach events. The company notified the UK Information Commissioner's Office and engaged external cybersecurity advisors during incident response. Customer-facing communications were criticized at the time, with many affected users learning of the breach through press coverage or HaveIBeenPwned rather than from Planet Ice directly. There has been no public ICO enforcement action announced against Planet Ice or its event-services partner IMP-UK in the years since, although affected children's data falls within the heightened protections of UK data-protection law.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, ip_address, password, phone_number, physical_address, transaction_history:purchase
Dark Web Verification
- Dataset containing ~240K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Planet Ice Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Planet Ice
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam