Breach, Threat Management, Data Security, Network Security, Vulnerability Management

Association of British Travel Agents web server breach impacts 43,000 individuals

The Association of British Travel Agents (ABTA) has suffered a data breach affecting approximately 43,000 individuals after an unauthorized intruder exploited a vulnerability in a third-party web server, the trade organization has acknowledged in a statement.

According to the statement, on February 27 of this year, a perpetrator gained access to various ABTA data and files, including email addresses and encrypted passwords of those registered on ABTA.com, as well as documentation that was uploaded onto the website by either ABTA members or said members' customers. Approximately 650 of the affected files may include the personally identifiable information of members, while about 1,000 files may include PII belonging to customers.

Individuals were impacted if they submitted documentation in order to register a complaint about an ABTA member, or to support a customer's complaint. (The latter scenario only applies if individuals uploaded their supporting documentation since Jan. 11. Members were impacted if they used the website's self-service facility.

In response to the incident, the ABTA has taken steps to notify affected individuals, as well as the proper authorities. The organization also contacted the third party service provider responsible for the web server. The vulnerability has since been patched.

"We are not aware of any information being shared beyond the infiltrator," wrote ABTA CEO Mark Tanzer in the organization's statement. "I would personally like to apologize for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected. It is extremely disappointing that our web server, managed for ABTA through a third-party web developer and hosting company, was compromised, and we are taking every step we can to help those affected."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.