Up to 43,000 affected by UK travel agent data breach

16 Mar 20179 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: JP WALLET/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

ABTA has suffered a data breach that could affect as many as 43,000 people, with contact details possibly leaked.

It is not a good day to be the CEO of the Association of British Travel Agents (ABTA), as a security breach that saw tens of thousands of people exposed in February has been revealed by the organisation.

With up to 43,000 people affected, the true concern is for the 1,000 people whose hacked accounts may include personal identity information.

The data was logged through people filing complaints against ABTA-registered travel agents.

ABTA hack

The hack dates back to 27 February, and the organisation claims to be contacting those affected, alerting the police, notifying the information commissioner and setting up helplines for customers concerned by the breach.

“We are not aware of any information being shared beyond the infiltrator,” said Mark Tanzer, CEO of ABTA, in a statement today (16 March).

“We are actively monitoring the situation but as a precautionary measure, we are taking steps to warn both customers of ABTA members and ABTA members who have the potential to be affected.”

The leak exposes four categories of data, the majority of which is email addresses and passwords of those that registered on its website. This means that those with accounts on abta.com should change their details immediately.

Contact details of some customers of ABTA members who used the site to make complaints are also part of the breach, with documentation uploaded to support complaints also affected.

Files regarding membership for travel agents could also be exposed.

According to Tanzer, a vulnerability was exploited by someone capitalising on ABTA’s server storage through a third-party developer.

“It is extremely disappointing that our web server – managed for ABTA through a third-party web developer and hosting company – was compromised, and we are taking every step we can to help those affected,” he said.

“I will personally be working with the team to look at what we can learn from this situation.”

Gordon Hunt is senior communications and context executive at NDRC. He previously worked as a journalist with Silicon Republic.

editorial@siliconrepublic.com