The incident occurred on the 27 February 2017, and the unauthorised access to the association’s web server was made by an external infiltrator exploiting a vulnerability.
According to the association’s statement, the incident may have affected approximately 43,000 individuals. Around 1,000 of these are files that may include personal identity information of customers of ABTA Members (in support of their complaint about an ABTA Member), uploaded since 11 January 2017; around 650 may include personal identity information of ABTA Members.
The vast majority of the 43,000 relate to people who have registered on abta.com, with email addresses and encrypted passwords, or have filled in an online form with basic contact details, which are types of data at a very low exposure risk to identity theft or online fraud.
As soon as ABTA was made aware of the breech, it has reported this incident to the Information Commissioner and to the Police and moved to fix the vulnerability, while also engaging consultants to assess the damage.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now