https://www.theguardian.com/technolo...de-association
Abta says cyber-attack may have affected 43,000 people, including 1,000 files with personal identify data of holidaymakers

A cyber-attack on the website of the UK’s largest travel association could have affected about 43,000 people, including 1,000 holidaymakers.

The Association of British Travel Agents (Abta) said hackers broke into web servers hosting the organisation’s website on 27 February and stole data related to customers of its members, which include tour operators, and information pertaining to the members themselves.

The breach is estimated to have affected 43,000 people, including around 1,000 files containing personal identity information of customers of Abta members.

Abta added that the vast majority of the 43,000 relate to people who have registered on abta.com, with email addresses and encrypted passwords, which are types of data at “a very low exposure risk to identity theft or online fraud”.

The Abta chief executive, Mark Tanzer, said: “I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of Abta or Abta member who may be affected.

“It is extremely disappointing that our web server, managed for Abta through a third party web developer and hosting company, was compromised, and we are taking every step we can to help those affected.”

Tanzer said Abta was not aware of hackers passing the stolen data on but as a precautionary measure is warning both customers of Abta members and Abta members who have the potential to be affected.

“We are today contacting these people and providing them with information and guidance to help keep them safe from identity theft or online fraud,” he said.
Abta has alerted the data watchdog, the information commissioner, and the police.