First Free Story (1 of 3)Join Skift Pro
Up to 43,000 people may have had their personal data stolen in a cyber attack on UK travel association ABTA.
The organisation, which represents travel agents and tour operators, said that most of the information related to email addresses and encrypted passwords but that around 1,000 of the files accessed may include personal information from customers.
The breach occurred on February 27 with the hackers able to exploit a vulnerability in the organization’s Web server, which is managed for ABTA through a third party Web developer and hosting company.
As soon as ABTA was made aware of the breech it moved to fix the vulnerability, while also engaging consultants to assess the damage.
“We are not aware of any information being shared beyond the infiltrator. We are actively monitoring the situation, but as a precautionary measure we are taking steps to warn both customers of ABTA Members and ABTA Members who have the potential to be affected,” said Mark Tanzer, Chief Executive of ABTA.
He added: “I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected. It is extremely disappointing that our web server, managed for ABTA through a third party web developer and hosting company, was compromised, and we are taking every step we can to help those affected. I will personally be working with the team to look at what we can learn from this situation.”
A spokesperson for the Information Commissioner’s Officer, which regulates the use and storage of personal information in the UK, said: “We are aware of this incident and will be making enquiries.”
She added: “Companies – big or small – must make cyber security a top priority. They must take every precaution necessary to ensure the personal information they acquire and handle is protected from criminals determined to steal it.”
ABTA is the latest travel-related company to be targeted by hackers. In February, InterContinental Hotels Group revealed that it had experienced a data breach at 12 properties.