Travel organisation Abta hit by cyber attack
Travel trade organisation Abta says a cyber attack on its website may have affected around 43,000 people.
About 1,000 files accessed could hold personal data of individuals who have made a complaint about an Abta-registered travel agent.
Abta said the “vast majority” of the 43,000 were people who have registered on abta.com, using email addresses and encrypted passwords, or those who had filled out an online form using basic contact details - types of data it said were at “very low exposure” to identity theft or online fraud.
The company, which represents travel agents and tour operators and provides advice and guidance to holidaymakers, said it has reported the incident to the Information Commissioner and the police and contacted those affected by the hack.
Abta said the cyber attack was conducted through a vulnerability to the web server for abta.com, which is not managed by Abta but by a third-party web developer and hosting company.
The four categories of data that may have been accessed are:
Email addresses and passwords for Abta Members or customers of Abta members who had registered on abta.com.
Contact details for customers of Abta Members who have used the website to register a complaint about an Abta member.
Data uploaded by members of the public who were submitting supporting documentation to support a complaint.
Data uploaded by Abta Members in support of their membership.
Abta CEO Mark Tanzer said: “I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of Abta or Abta Member who may be affected.
“It is extremely disappointing that our web server, managed for Abta through a third party web developer and hosting company, was compromised, and we are taking every step we can to help those affected. I will personally be working with the team to look at what we can learn from this situation.”
Abta urged anyone who had uploaded contact details of documents to the website to monitor their bank, social media and email accounts.