Up to 43,000 British holidaymakers may have had data stolen following a hack on trade travel organisation ABTA.
The incident took place on February 27, 2017, and was announced on Thursday.
“We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability,” ABTA CEO Mark Tanzer said in a statement.
In other words, a hacker (or hackers) found an bug in ABTA’s software, and used that to get into its website — and then may have “accessed” or stolen customer data.
The incident has been reported to the police and the Information Commissioner, ABTA says.
Up to 43,000 people were affected, though to varying degrees. The “vast majority” simply had accounts on ABTA, meaning their email addresses, encrypted passwords, and basic contact details may have been accessed.
But around 1,000 of those affected may have had more extensive information accessed, including details of complaints submitted by holidaymakers about about companies that are members of ABTA. Another 650 “may include personal information of ABTA Members” themselves.
It’s not immediately clear whether the 43,000 individuals’ data was just temporarily “accessed” or actively downloaded and stolen. (Large user datasets are a frequent target for hackers, who can trade or sell them on.) Reached for comment by phone, an ABTA spokesperson said the company was investigating and could not comment beyond the statement due to an ongoing police investigation.
They similarly declined to comment on the status of the investigation, or if there are currently any suspects.
More from Business Insider UK:
- Coal isn’t dead yet and the railroads are loving it
- Drinkers are starting to lose their taste for the most popular beer in America
- The Queen has officially signed the Brexit Bill
- Why GM invites ethical hackers to try and hack its cars
- The FTSE 100 hits a fresh record after the Fed raises rates and Dutch voters reject populism