Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

UK's Association of British Travel Agents cops to data breach

Yes there's still such a thing as a travel agent

A hack attack on the Association of British Travel Agents (ABTA) has exposed the personal details of thousands of consumers and hundreds of tour operators and travel agents.

Data for up to 650 ABTA members and up to 43,000 consumers was exposed by the breach, which dates from late last month.

In a statement on Thursday. The travel industry organisation blamed a successful attack against its hosting provider. It sought to downplay concerns by saying the problem had already been contained.

We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability. The web server is managed for ABTA through a third party web developer and hosting company. The infiltrator exploited that vulnerability to access data provided by some customers of ABTA Members and by ABTA Members themselves via the website.

On further, urgent investigation we identified that the incident occurred on the 27 February 2017 and related to some customer information, including complaints about ABTA Members, and to documentation uploaded via abta.com in support of ABTA membership. Although encrypted, passwords used by ABTA Members and customers of ABTA Members to access our website may also have been accessed.

The vulnerability abused by hackers has been closed. ABTA has also called in third-party incident response consultants to access the potential impact of the incident.

ABTA chief exec Mark Tanzer apologised for the incident and the worry it may have caused. The organisation is in the process of notifying affected parties, mostly consumers who have filed complaints against a tour operator through ABTA.

Most of the potentially compromised records contained only email addresses and encrypted passwords. But approximately 1,000 compromised files contain more sensitive information of consumer complainants including names, addresses and phone numbers.

Pete Turner, consumer security expert at security software firm Avast, added: "It’s bad enough if you have to complain about your holiday to ABTA but then to potentially have your personal information compromised will be of concern to many people.

"While it is good that ABTA has already taken steps to not only notify the Information Commissioner and police, but also set up a helpline for people to call if they are concerned, the fact is that consumers can no longer trust companies to keep their data safe. The regular news stories hitting the headlines of data breaches is example of this," he added.

Jes Breslaw, director of strategy, EMEA at data virtualisation firm Delphix, added: "Time and time again we have seen that even the most basic breach of personal identifiable information puts consumers at risk. Names, addresses and contact information all hold money-making potential for opportunistic cyber criminals on the dark web.

"The latest ABTA breach once again reinforces why organisations need to prioritise the development of multi-layered security measures," he added. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like