ABTA, the UK travel trade association, has admitted its abta.com website suffered a data security incident affecting 43,000 individuals.
In a statement, the organisation says that the breach came via "unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability" and that the server is managed for ABTA through a third party web developer and hosting company.
It adds that none of ABTA's other IT systems were compromised and that only certain parts of the abta.com back-end were impacted, with online forms the most exposed - forms filled in by customers making a complaint or members using forms to update their profile and details on the site.
The breach took place on 27 February. It appears as if email addresses, passwords and contact details were exposed, "types of data at a very low exposure risk to identity theft or online fraud".
ABTA also says it is not aware that any of the details have been shared beyond the infiltrator.
Nonetheless, ABTA is getting in touch with those whose details might have been accessed and advising them to change passwords and keep an eye out for any unusual activity.
While the actuality of the hack appears to be relatively benign, there is the usual caveat to members of the public and ABTA members alike about the potential dangers of using the same password for different accounts.
It is also a bit embarrassing for an organisation which has been vocal in its warnings to the public and its own membership about the dangers of online fraud.
NB: Image by Flynt/BigStock.