The Association of British Travel Agents has become the latest organisation to admit to suffering a successful breach, leaving data relating to its members and their clients exposed to malicious third parties, according to the Register.
The attack was instigated in February this year and hackers were reportedly able to make off with private information on as many as 650 agencies and over 40,000 innocent customers, with the ABTA revealing the extent of the breach in a statement published last week.
In the statement it was confirmed that the data had been stolen as a result of hackers exploiting a security vulnerability present on the servers which host the organisation’s official website. It explained that a hosting firm is responsible for handling the site itself on behalf of the Association, rather than this being managed internally.
In terms of the kind of information which was taken, the breach seems to have involved both membership applications submitted to the ABTA by agents, along with complaints made to it by consumers who were unhappy with the quality of service that they had received from affiliated individuals and organisations.
It was also confirmed that member passwords could have been stolen along with the rest of the data, although these login details were encrypted, meaning it is unlikely that they will be usable.
The flaw in the security which the cybercriminals were able to exploit has since been patched, while the Association is now working with an independent investigation team in order to deal with the incident and plan for the aftermath going forwards.
CEO Mark Tanzer issued an apology for the breach and said that anyone impacted by it would be contacted by the ABTA in the coming days to alert them to the fact that their details may be in the hands of hackers.
The vast majority of those consumers who had data stolen in the attack need only worry about their email addresses and the aforementioned passwords, protected by encryption, being compromised. However, the organisation said that close to a thousand accounts were also linked with additional details, including postal addresses and contact numbers, which is clearly a bigger problem for those affected.
Anyone who is concerned about whether or not their details have been stolen can take advantage of the helpline that the ABTA has set up to assist those consumers who have used its website in the past to make a complaint. It has also notified the Information Commissioner’s Office and the relevant law enforcement agencies, to ensure that a thorough investigation gets underway outside of its own efforts.
Industry experts have pointed to this incident as being another example of the damage that can be done by cyber attacks, especially against large organisations which are responsible for information that can be exploited by hackers for financial gain.
A report published last week by Cifas revealed that identity theft is now more prevalent across the UK than during any point in the past, with close to 173,000 people hit by this type of fraud in 2016, which is often facilitated via digital means.
Report spokesperson, Mike Haley, said that people needed to take greater care in all aspects of their life to prevent personal information falling into the wrong hands, from disposing of letters with sensitive data safely to being savvy about their use of online services. And the growing awareness of this issue means that businesses which fail to embrace suitable security measures and suffer attacks could easily lose the trust of customers and, ultimately, find it difficult to recover.