Up to 43,000 British holidaymakers may have had their personal data stolen in a hack

Ocean City Beachrypson/iStockThat’s a lot of people.

Up to 43,000 British holidaymakers may have had data stolen following a hack on trade travel organisation ABTA.

The incident took place on February 27, 2017, and was announced on Thursday.

“We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability,” ABTA CEO Mark Tanzer said in a statement.

In other words, a hacker (or hackers) found an bug in ABTA’s software, and used that to get into its website — and then may have “accessed” or stolen customer data.

The incident has been reported to the police and the Information Commissioner, ABTA says.

Up to 43,000 people were affected, though to varying degrees. The “vast majority” simply had accounts on ABTA, meaning their email addresses, encrypted passwords, and basic contact details may have been accessed.

But around 1,000 of those affected may have had more extensive information accessed, including details of complaints submitted by holidaymakers about about companies that are members of ABTA. Another 650 “may include personal information of ABTA Members” themselves.

It’s not immediately clear whether the 43,000 individuals’ data was just temporarily “accessed” or actively downloaded and stolen. (Large user datasets are a frequent target for hackers, who can trade or sell them on.) Reached for comment by phone, an ABTA spokesperson said the company was investigating and could not comment beyond the statement due to an ongoing police investigation.

They similarly declined to comment on the status of the investigation, or if there are currently any suspects.

More from Business Insider UK:

NOW WATCH: 7 amazing technologies we’ll see by 2030

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.