Abta revealed a cyber breach and theft of data of 650 members and 43,000 customers last week, but insisted “the vast majority” was “at low risk” of identity theft or online fraud.
The association acted promptly and has been contacting all those affected, with an expert saying Abta acted “extremely well”. However, travel fraud expert Barry Gooch, chairman of PROFiT (Prevention of Fraud in Travel), said: “It’s unfortunate. It’s bad publicity.”
The breach, made through a third party that hosts Abta’s web server, occurred on February 27 and was discovered on March 1. Abta said police had identified the perpetrator’s online identity, and its own systems remain secure.
Chief executive Mark Tanzer said: “There is no evidence of data being taken or copied, but we can’t be certain. So we’re contacting everybody affected. About 1,000 files may include personal identity information of customers [and] personal identity information
of 650 members. This looks like an opportunistic attack.”
Gooch said: “There have been [many] companies hacked over the last couple of months and there is a massive risk for travel firms. Abta has acted extremely well.”
But he acknowledged the story had “been all over” The Sun and Mail Online and said: “It’s damaging for a brand like Abta which, quite rightly, tells consumers to have confidence in booking with an Abta member.
“This happens to government departments and they have the best security of anybody.”
Andrew Hill, senior associate in the cyber insurance team at law firm Hill Dickinson, said: “Reputation is key to this. At the moment it seems a text book handling of a breach by Abta.”
Abta promised an update on its handling of the breach once it has contacted all those affected.
Members can call the helpline: 020 3758 8779