data uploaded to website of holiday and travel association . Hackers used a flaw in the web server running the website of ABTA , the UK 's largest holiday and travel association , to accessAttack.Databreachthe data of as many as 43,000 people . ABTA CEO Mark Tanzer says an `` external infiltrator '' used a vulnerability in the firm 's web server to accessAttack.Databreachdata provided by its members and some of those members ' customers . ABTA is the UK 's largest travel association , representing travel agents and tour operators that sell £32bn of holidays and other travel each year . It said the unauthorised accessAttack.Databreach-- on 27 February 2017 -- may have affected 43,000 individuals . Around 1,000 of the accessed files may include personal identity information relating to customers of ABTA members , submitted in support of their complaint about an ABTA member . These files relate to complaints uploaded to ABTA after 11 January 2017 . Additionally , around 650 files may include personal identity information of ABTA members . But Tanzer said : `` We are not aware of any information being sharedAttack.Databreachbeyond the infiltrator . '' The travel trade association said the vast majority of the 43,000 were people who had registered on abta.com , with email addresses and encrypted passwords , or have filled in an online form with basic contact details `` which are types of data at a very low exposure risk to identity theft or online fraud '' . Once it became aware of the intrusion , ABTA notified the third-party suppliers of the abta.com website , who immediately fixedVulnerability-related.PatchVulnerabilitythe vulnerability , and the association hired risk consultants to assess the potential extent of the incident . It has also alerted the Information Commissioner and the police . `` It is extremely disappointing that our web server , managed for ABTA through a third party web developer and hosting company , was compromised , and we are taking every step we can to help those affected , '' said Tanzer . ABTA saidVulnerability-related.DiscoverVulnerabilityits own systems remained secure and the vulnerability was in the web server for abta.com , which is managed for ABTA through a third-party web developer and hosting company . The association said that ABTA members or members of the public who have registered on abta.com should immediately change their password and , if they used this password or any variation of it for other accounts , they should change that too . It said ABTA members who have used ABTA 's online self-service facility to upload supporting documentation relating to their membership may have had their data accessedAttack.Databreach, and `` should remain vigilant regarding online and identity fraud '' .
About 1,000 files accessedAttack.Databreachmay include personal identity information of individuals who have made a complaint about an Abta-registered travel agent . It says it is contacting those affected by the hack which happened on 27 February and has a dedicated helpline . It has also alerted the police and the Information Commissioner 's Office ( ICO ) . Part of the ICO 's role is to help the public manage their personal data . Abta chief executive Mark Tanzer said he would `` personally like to apologise for the anxiety and concern '' caused to Abta customers and members . `` It is extremely disappointing that our web server , managed for Abta through a third party web developer and hosting company , was compromised and we are taking every step we can to help those affected . '' Mr Tanzer said the organisation was not aware of any of the information being sharedAttack.Databreachbeyond the infiltrator . The organisation gives advice and guidance to holidaymakers , sets standards for travel firms and promotes responsible tourism in the UK and abroad . It said the type of data which may have been accessedAttack.Databreachincluded : Abta said the `` vast majority '' of the 43,000 people affected were those who had registered with email addresses and encrypted passwords or had filled in an online form with basic contact details . It said there was `` a very low exposure risk to identity theft or online fraud '' with this kind of data . It advised customers and ABTA members registered on the site to change their passwords as a `` precautionary measure '' . It has also offered people who may be affected a free-of-charge identity theft protection service .
We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability . Specialist technical consultants subsequently confirmed that the web server had been accessed . We are not aware of any information being sharedAttack.Databreachbeyond the infiltrator . We are actively monitoring the situation , but as a precautionary measure we are taking steps to warn both customers of ABTA Members and ABTA Members who have the potential to be affected . We are today contacting these people and providing them with information and guidance to help keep them safe from identity theft or online fraud . We have also alerted the relevant authorities , including the Information Commissioner and the Police . I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected . It is extremely disappointing that our web server , managed for ABTA through a third party web developer and hosting company , was compromised , and we are taking every step we can to help those affected . I will personally be working with the team to look at what we can learn from this situation . Outlined below , we have answered further questions , which include some guidance for customers of ABTA and ABTA Members . We recently became aware of unauthorised access to the abta.com web server by an external infiltrator . This was possible due to a system vulnerability that the infiltrator exploited to accessAttack.Databreachsome data provided by some customers of ABTA Members and by ABTA Members themselves . On immediate investigation , we identifiedVulnerability-related.DiscoverVulnerabilitythat although ABTA ’ s own IT systems remained secure , there was a vulnerability to the web server for abta.com , which is managed for ABTA through a third-party web developer and hosting company . As a precautionary measure we have taken steps to warn Members and customers of ABTA Members who have the potential to be affected . We have contacted those people and provided them with information and guidance to help keep them safe from identity theft or online fraud . These steps include two dedicated helplines , for customers of ABTA Members and for ABTA Members , and free access to an identity theft protection service offered by Experian . We have also alerted the relevant authorities , including the Information Commissioner and the Police . The unauthorised access may have affected approximately 43,000 individuals . Around 1,000 of these are files that may include personal identity information of customers of ABTA Members ( in support of their complaint about an ABTA Member ) , uploaded since 11 January 2017 ; around 650 may include personal identity information of ABTA Members . The vast majority of the 43,000 relate to people who have registered on abta.com , with email addresses and encrypted passwords , or have filled in an online form with basic contact details which are types of data at a very low exposure risk to identity theft or online fraud . We have provided specific guidance information , including contact details for a dedicated helpline to assist with any further questions . If you think you have been a victim of fraud , report it to Action Fraud online at www.actionfraud.police.uk or call 0300 123 2040 .