The Association of British Travel Agents (Abta) has revealed a cyber-attack on its website may have compromised the personal data of up to 43,000 individuals, including holidaymakers from member companies such as Tui and Jet2.
The breach, which occurred on 27 February, involved hackers accessing web servers hosting the Abta website. Stolen data includes customer information from Abta members and details about the members themselves. Approximately 1,000 files contained personal identity information of holidaymakers.
Abta stated that the majority of affected records relate to users who registered on abta.com, with email addresses and encrypted passwords—data considered at low risk for identity theft or fraud. The association has contacted affected individuals and provided guidance to mitigate potential risks.
Chief executive Mark Tanzer apologised for the incident, calling it “extremely disappointing” that the server, managed by a third-party developer, was compromised. He confirmed that Abta is unaware of any further dissemination of the stolen data but has alerted the Information Commissioner’s Office and the police as a precaution.
