ABTA has revealed some 43,000 people could be affected by a cyber-attack on its website.
An “external infiltrator” exploited a technological vulnerability, according to the organisation, accessing data provided by ABTA customers and ABTA members themselves via the website.
About 1,000 files were accessed and include personal identity information of individuals who have made a complaint about an ABTA-registered travel agent.
The breach happened on February 27th.
“Having become aware of the unauthorised access, we immediately notified the third-party suppliers of the abta.com website who immediately fixed the vulnerability.
“ABTA immediately engaged security risk consultants to assess the potential extent of the incident. Specialist technical consultants subsequently confirmed that the web server had been accessed,” said ABTA chief executive, Mark Tanzer.
ABTA has also alerted the Information Commissioner and the police.
The organisation revealed the “vast majority” of the 43,000 people affected were those who had registered with email addresses and encrypted passwords or had filled in an online form with basic contact details.
It said there was “a very low exposure risk to identity theft or online fraud” with this kind of data.
It advised customers and ABTA members registered on the site to change their passwords as a precautionary measure.
ABTA has also offered people who may be affected a free-of-charge identity theft protection service.