Planet Ice 2023 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
Planet Ice UK Ice Skating Venues & Youth Programs Breach (2023): 240K Family Records Including Children's DOB, Home Address & Passwords Exposed
Planet Ice operates ice skating rinks and youth-oriented programs across the UK. Systems include booking, membership management, and event participation, often involving minors and families.
Verified by ObscureIQ Intelligence
54/100Breach Risk Index
40Data Value
10Market Recency
1182dSince Breach
Breach Intelligence Summary
Entity: Planet Ice · Actor: Unknown (IMP-UK supply-chain compromise) · Sources: 2 references
Attack: Misconfiguration
Profile: Company · Ice skating venues and youth programs · Membership and event management system · UK
Timeline: Breach (2023-01-14) · Indexed (Jan 31, 2023) · Year (2023)
Exposure: 240K records · 9 fields: Date of Birth, Email Address, Full Name, Gender, IP Address, Password, Phone Number, Physical Address, Transaction History
Status: Confirmed
Executive Summary
Planet Ice, a UK-based operator of about fourteen public ice-skating rinks, suffered a data breach disclosed in late January 2023. The incident affected the company's "Ice Account" booking platform and exposed records for approximately 240,000 customers. Planet Ice attributed the unauthorized access to its event-services provider, IMP-UK. Financial information was not affected because payment processing was handled separately by Worldpay.\n\nThe exposed data covered email addresses, physical addresses, phone numbers, gender, dates of birth, and passwords stored as weak MD5 hashes. The dataset also included names, dates of birth, and gender for children who had attended birthday parties at Planet Ice rinks, recorded as part of the booking system. Parents and guardians who booked these events were the primary account holders and the parties most likely to have used the platform's password.\n\nBecause the breach exposed minors' personal details combined with home addresses and parent contact information, the practical risk profile is materially more sensitive than a standard customer-list leak. The combination of a child's full name, date of birth, and home address, paired with a parent's email and phone number, creates a base for targeted contact and impersonation attempts that reference specific children and family activities. Parents whose children's details may have been exposed should rotate any reused passwords, treat any unsolicited contact referencing skating activities or party bookings with caution, and consider monitoring for unusual contact aimed at the child's name.
ObscureIQ assessment: High sensitivity because youth participation may be involved. Exposure enables phishing, membership fraud, family-targeted scams, and identity linkage around children’s activities and schedules.
Breach Impact
The 2023 incident produced limited direct financial cost to Planet Ice but generated meaningful reputational and operational disruption. The "Ice Account" booking platform was taken offline during containment, interrupting ticket and party bookings during peak season. Customer trust took a noticeable hit, particularly among parents whose children's data had been exposed. Planet Ice notified the Information Commissioner's Office and engaged external incident-response specialists. There is no public record of ICO enforcement action, settlement, or class-action litigation tied to the breach. The event-services partner IMP-UK, which the company stated had been the source of the unauthorized access, also drew scrutiny in the disclosure messaging.
About Planet Ice
Planet Ice is a U.K.-based operator of public ice-skating rinks and venue services. The company runs roughly fourteen rinks across the United Kingdom, hosting public skating sessions, ice-hockey leagues, learn-to-skate programs, children's parties, and venue events. Its customer base is heavily family-oriented, with parents and guardians booking sessions, parties, and lessons on behalf of children. The company's customer-account platform was branded "Ice Account" and was operated alongside event-management services from a related provider, IMP-UK. Payment processing was handled separately by Worldpay.
Why They Hold Your Data
Membership and youth-program organizations collect participant identity, contact details, payment records, event enrollments, membership status, and parent or guardian information across venue and program operations.
Recent Developments
Planet Ice continues to operate its rinks following the 2023 incident and has not been publicly tied to further significant breach events. The company notified the UK Information Commissioner's Office and engaged external cybersecurity advisors during incident response. Customer-facing communications were criticized at the time, with many affected users learning of the breach through press coverage or HaveIBeenPwned rather than from Planet Ice directly. There has been no public ICO enforcement action announced against Planet Ice or its event-services partner IMP-UK in the years since, although affected children's data falls within the heightened protections of UK data-protection law.
Data Points Exposed
9 verified field types
Date of Birth High
Email Address
Full Name High
Gender
IP Address
Password Critical
Phone Number
Physical Address High
Transaction History High
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Credential stuffing against reused passwords across other platforms
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- Profile enrichment
- Geolocation & account flagging
- Credential stuffing & account takeover
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Lifestyle profiling & targeted fraud
Threat Actor: Unknown (IMP-UK supply-chain compromise)
Unknown (IMP-UK supply-chain compromise)
Misconfiguration
Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.
Recommended Actions
If you believe your information may be included:
Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Planet Ice breach?▾
Planet Ice, a UK-based operator of about fourteen public ice-skating rinks, suffered a data breach disclosed in late January 2023. The incident affected the company's "Ice Account" booking platform and exposed records for approximately 240,000 customers. Planet Ice attributed the unauthorized…
What data was exposed?▾
Verified fields include Date of Birth, Email Address, Full Name, Gender, IP Address, Password, Phone Number, Physical Address, Transaction History.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation