[BreachExchange] Abta suffers security breach affecting thousands of glum British holidaymakers

[Audrey McNeil]

https://arstechnica.co.uk/tech-policy/2017/03/abta-
security-breach-affecting-43000-brits-and-travel-agents/

Abta has warned thousands of aggrieved British holidaymakers—who regularly
contact the UK trade body to complain about its tour operator members—that
their data was exposed after an "external infiltrator" apparently exploited
a vulnerability on a third party website.

An external infiltrator is a fancy way of saying that a hacker had
compromised an unnamed contractor's Web server "supporting" Abta.com. The
miscreant pinched e-mail addresses and encrypted passwords of Abta members
and travel agents' customers, it said.

But Abta (the association of British travel agents) added that roughly
1,000 stolen files "may include personal identity information of customers
of Abta members" and another 650 "may include personal identity
information" of travel agents registered with the organisation.

"I would personally like to apologise for the anxiety and concern that this
incident may cause to any customer of Abta or Abta member who may be
affected," said the body's chief, Mark Tanzer. "It is extremely
disappointing that our Web server, managed for Abta through a third party
Web developer and hosting company, was compromised, and we are taking every
step we can to help those affected."

It said that the police and the Information Commissioner's Office had been
notified about the security breach, but did not reveal when it had first
become away of the hack attack. Abta said that an "incident" had occurred
on February 27.

"Abta worked to contain the incident immediately, engaging security risk
consultants and specialist technical consultants," it added. "We will
continue to take steps to ensure the ongoing security of our systems. We
will also conduct a full investigation of the incident with our third party
Web hosting company and Web developers."

It was keen to stress that most of the data ransacked by hackers had "a
very low exposure risk to identity theft or online fraud." However, Abta
said that some information uploaded by its members since January 11, in
support of a complaint, and details added by tour operators in support of
their membership had also been exposed.

Customers and Abta members have been advised to change their passwords as a
"precautionary measure."

"The vulnerability that was exploited by the infiltrator only enabled
access to uploaded supporting documentation, and did not affect other IT
systems or forms that had been completed online," Abta claimed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170317/f1cd46c7/attachment.html>