0 Selected+
City and finance

Hello! You are viewing your 1 free guest article this week

Join now for free, immediate and unlimited access to our award-winning online content. Find out more...

Join us
Already a member? Log in here


11 Oct 2017

BY Jennifer Morris


Abta chief admits scope of data protection was 'much bigger than he thought' before breach

The boss of Abta has admitted the scope of data protection was “much bigger than he ever thought” before the organisation fell victim to a cyber hack in March.

Mark Tanzer, Abta CEO

About 43,000 individuals were potentially affected when the organisation saw “unauthorised access to the web server supporting by an external infiltrator exploiting a vulnerability”.


Speaking in a session on cyber security and the protection of personal data at the Abta Travel Convention, the organisation’s chief executive Mark Tanzer commented on the breach: “I hadn’t quite realised how responsible I was for all of our third party relationships – not just in the IT area but commercial relationships.


“The scope of data protection was a lot bigger than I ever thought. I thought it stopped at the four walls of our office, but it goes much further than that.


“And understanding the nature of the data we had was quite difficult. Did we have any medical records or passport details? We couldn’t just go into one system and look it up. People’s records were scattered between different systems.


“A dress rehearsal would have been useful because we would have been able to see what we actually had.


“We went through it all. It was a crisis management situation. It was a major, expensive exercise.”

Tanzer gave a number of lessons to travel businesses:


- “Have insurance.”


- “The best way not to lose data is not to have it. Be absolutely ruthless about why you have various data. We found the people who were most angry were the ones wondering why we even

had their data. Clear out data that isn’t current and you don’t have the licence to use.”


- “Typing up your contracts and getting visibility as to what our third party suppliers are doing is also very important.”


- “Penetration test your own systems.”


- “You’ve got to demonstrate to the Information Commissioner that you’ve got data protection training in place, all this helps mitigate the penalty they may impose on you.”


- “We will have an annual data report to the board detailing what measures we are taking.”


Add New Comment
Please sign in to comment.
Show me more
TTG Media Limited.
Place of registration: England and Wales.
Company number 08723341.
Registered address: New Bridge Street House, 30-34 New Bridge Street, London EC4V 6BJ
Scroll To Top