Travel websites can be prime targets for cyber attacks due to the large amount of personal and financial information that they can hold. A hacker could potentially obtain a plethora of information from many individuals who have used these websites to book various reservations. Abta (Association of British Travel Agents), a popular travel website was hacked at the end of last month, and it is feared that it may have affected around 43,000 people.
What Was Affected in the Breach
The cyber attack was launched on February 27th, and the organization reports that around 1,000 files that may include “personal identity information” of vacationers that made complaints about Abta members could have been involved. Fortunately, Abta is reporting that no financial or bank information was purloined, but there is growing concern that cyber criminals will use details such as names, addresses, and phone numbers to create fraudulent bank accounts. Abta said in a statement, “On further, urgent investigation we identified that the incident occurred on the 27th February 2017 and related to some customer information, including complaints about ABTA Members, and to documentation uploaded via abta.com in support of ABTA membership. Although encrypted, passwords used by ABTA Members and customers of ABTA Members to access our website may also have been accessed.” According to Abta chief executive, Mark Tanzer, they are currently not aware of any information being shared beyond the infiltrator, but they are monitoring the situation, as well as taking steps to warn Abta members and Abta customers.
How the Attack Was Made Possible
Abta has said that the breach was made possible through criminals exploiting a vulnerability in a server that is managed by a third party web developer and hosting company. Upon discovering the unauthorized access, they alerted the third party providers of the website, who then quickly fixed the vulnerability. Abta then involved security risk consultants to evaluate the extent of the breach.
Often times, breaches like this can be avoided, as it comes down to assessing third party connections. According to Andrew Avanessian, vice president of security firm Avecto, this appeared to be another preventable breach. He stated, “It’s crucial that all organisations take into account their relationship with third parties when creating cyber security strategies and ensure that every endpoint in the cyber security chain is secure. It only takes one vulnerable device or server to compromise an entire network, and in turn, impact business reputation and the security of thousands of customers.” While it was the third party that had the vulnerability, responsibility is also upon Abta in a way for not ensuring proper security in that partnership.
Recovering from a Cyber Attack Through Proper Data Breach Solutions
As touched on above, a single vulnerability can impact the entire network of an organization. A successful cyber attack could be able to purloin data, financial information, and valuable intellectual property. The proper handling of a data breach is what can allow an organization to recover from it, and when not addressed appropriately, it can potentially cause them to fail. In the event of a breach, an organization must immediately apply data breach solutions, including actions such as forensic cyber investigation and nullification or mitigation of the threat. An organization must be able to display to their public that they have handled the breach correctly, otherwise trust and reputation can be completely destroyed. Massive Alliance’s wide range of data breach solutions can help an organization to come back from vicious cyber attacks.