The most recent cyber attack to be reported may have affected around 43,000 people on the trade organisations website, according to ABTA.
It has been reported that around 1,000 files have been accessed by hackers. The details exposed may include personal information of individuals who had made a complaint against ABTA-registered travel agents.
The hack occurred on 27 February and ABTA has set up a helpline for people with concerns, while individually contacting those affected. The company has also alerted the Information Commissioner and the police.
>See also: 7 key lessons from TalkTalk’s data breach
Abta chief executive Mark Tanzer said he would “personally like to apologise for the anxiety and concern” caused to Abta customers and members.
“It is extremely disappointing that our web server, managed for Abta through a third party web developer and hosting company, was compromised and we are taking every step we can to help those affected.”
“I will personally be working with the team to look at what we can learn from this situation.”
The types of data accessed included; email addresses, encrypted passwords of Abta customers and members registered on the website, contact details of customers of Abta members who have used the website to register a complaint, data uploaded to support a complaint made about an Abta member since 11 January 2017 and data uploaded by Abta members in support of their membership.
>See also: Five keys to preparing for a data breach
ABTA said there was “a very low exposure risk to identity theft or online fraud” with the kind of data stolen.
Jes Breslaw, director of strategy, EMEA at Delphix commented on this latest, and unsurprising, cyber attack.
“Time and time again we have seen that even the most basic breach of personal identifiable information puts consumers at risk. Names, addresses and contact information all hold money-making potential for opportunistic cyber criminals on the dark web.”
“The latest ABTA breach once again reinforces why organisations need to prioritise the development of multi-layered security measures.”
“The challenge has always been that more robust security measures, such as data masking, are expensive and complex tasks that organisations have avoided. Yet encryption alone is not enough.”
“With the EU’s General Data Protection Regulation (GDPR) quickly coming down the line then protecting personal identifiable information will become an imperative. Otherwise organisations could risk fines of up to €20m or 4% of annual turnover worldwide. The ABTA provides an important service and this puts into question could they even survive fines in a GDPR era?”
“Organisations need to consider new dynamic data platforms that combine data masking with data virtualisation. This can enable them to scale up their data protection to safeguard all copies of sensitive data. Policy is applied just once, with the guarantee that all subsequent copies have the same protective measures applied. Not only will a dynamic data platform like this future proof the business from costly data breaches and ensure compliance but also improve agility and time-to-market.”