The Association of British Travel Agents (ABTA) has suffered a data breach affecting approximately 43,000 individuals after an unauthorized intruder exploited a vulnerability in a third-party web server, the trade organization has acknowledged in a statement.
According to the statement, on February 27 of this year, a perpetrator gained access to various ABTA data and files, including email addresses and encrypted passwords of those registered on ABTA.com, as well as documentation that was uploaded onto the website by either ABTA members or said members' customers. Approximately 650 of the affected files may include the personally identifiable information of members, while about 1,000 files may include PII belonging to customers.
Individuals were impacted if they submitted documentation in order to register a complaint about an ABTA member, or to support a customer's complaint. (The latter scenario only applies if individuals uploaded their supporting documentation since Jan. 11. Members were impacted if they used the website's self-service facility.
In response to the incident, the ABTA has taken steps to notify affected individuals, as well as the proper authorities. The organization also contacted the third party service provider responsible for the web server. The vulnerability has since been patched.
"We are not aware of any information being shared beyond the infiltrator," wrote ABTA CEO Mark Tanzer in the organization's statement. "I would personally like to apologize for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected. It is extremely disappointing that our web server, managed for ABTA through a third-party web developer and hosting company, was compromised, and we are taking every step we can to help those affected."