News has surfaced that a cyber-attack on the website of the Association of British Travel Agents (ABTA) could potentially have impacted as many as 43,000 people.
It is believed that the hackers behind the attack (which occurred on 27 February 2017) gained access to roughly 1000 files which may include personal identity information on customers of ABTA Members, the majority of which are email addresses and encrypted passwords, relating to complaints made about ABTA staff.
In a comment to Infosecurity, ABTA CEO, Mark Tanzer, said: “We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability. The web server is managed for ABTA by a third-party web developer and hosting company. The infiltrator exploited that vulnerability to access data provided by some customers of ABTA Members and by ABTA Members themselves via the website.”
ABTA said it is not aware of any information being shared beyond the infiltrator, and the firm is actively monitoring the situation. As a precautionary measure, ABTA is taking steps to warn both customers of ABTA Members and ABTA Members who could potentially be impacted.
Attacks of this size and scale are becoming increasingly prevalent, traversing global industry. Criminal entrepreneurs are finding a foothold in the side of an ever-expanding cliff face of information. When names, addresses and contact information all hold money-making potential, companies have got a real fight on their hands to ensure that all data – even that of seemingly less sensitive kind – stays out of the hands of hackers.