Get unlimited access to the latest travel industry news and analysis, comment on articles and sign up to newsletters.
Register for free
Already registered? Login here or below.
Having difficulty logging in? Try these tips, or contact support@ttgmedia.com
Abta confirmed last week that a web server supporting abta.com had been hacked. Rob Gill explores the potential implications.
Abta has rushed to reassure members and their customers following a security breach of its web server that could have affected up to 43,000 individuals.
The web server supporting abta.com saw unauthorised access by an “infiltrator” in a single incident on February 27, but it is unclear whether they downloaded any personal data stored on the site. Those potentially affected include around 650 individuals who are Abta members and potentially thousands of customers.
Most of the data was stored in the form of email addresses and encrypted passwords, so Abta members who had registered on the website face a “very low risk of identity theft or online fraud”, according to the association.
The organisation became aware of the breach two days later on March 1 when it employed security risk consultants to assess the potential extent of the incident before going public with details last week.
The association has also contacted the Metropolitan Police in London – which is now investigating – and the Information Commissioner.
Mark Tanzer, Abta’s chief executive, said: “The infiltrator exploited that vulnerability to access data provided by some customers of Abta members and by Abta members themselves via the website.”
This data also related to some customer information, including complaints about Abta members, and to documentation uploaded via abta.com in support of Abta membership.
“We are not aware of any information being shared beyond the infiltrator,” added Tanzer. “We are actively monitoring the situation, but as a precautionary measure we are taking steps to warn both customers of Abta members and Abta members who have the potential to be affected.”
Abta has contacted those who may have been affected to provide them with “information and guidance to help keep them safe from identity theft or online fraud”.
“I would like to apologise for the anxiety and concern that this incident may cause to any customer of Abta or Abta member who may be affected,” said Tanzer.
“It is extremely disappointing that our web server, managed for Abta through a third-party web developer and hosting company, was compromised.
“We have contacted, by email, every Abta member who we believe has the potential to have been affected with specific guidance information.”
Abta said the police investigation was “ongoing” and that it was “still quite early” to give any details on how many members had contacted them about the incident.
“The police have got an identity [for the infiltrator] but I can’t comment further," added Tanzer. “If somebody gets in touch with us they have to establish an identity. I imagine the police will be checking the contact information and take the investigation from there.”
David Navin, corporate security specialist at internet security firm Smoothwall, said the incident showed the “importance that businesses must place in keeping their data secure”.
“No company is immune to the threats of cybercrime, yet every business should have the most robust security system to prevent a hack, breach or leak and safeguard their data should an incident occur,” he added. “Businesses should always be mindful of security regarding third-party partners.”
“I would like to apologise for the anxiety and concern that this incident may cause to any customer of Abta or Abta member who may be affected”
Mark Tanzer
