7 February Recent data breach illustrates travel industry cyber threat February 7, 2024 By Bec Olsen General 0 Recent data breach illustrates travel industry cyber threat In January, details emerged of a data breach at an Australian travel agency, which saw more than 112,000 records from the company’s database leaked online. The incident saw details including passport images, travel visas, itineraries and tickets, as well as partial credit card numbers, leaked from the company’s non-password-protected database. Cyber breaches in Australia have become a persistent threat to businesses over recent years, and while the Optus and Medibank leaks were the most prominent, a number of cyber breaches are reported each day. From July 2022 to June 2023, 895 data breaches were reported to the Office of the Australian Information Commissioner (OAIC), with 42 of those affecting 5000 or more people. While health service providers, finance companies, recruitment agencies, legal, accounting and management services and insurance businesses are the top five sectors to be affected, the Inspiring Vacations breach illustrates just how attractive travel businesses are to hackers. “The travel sector deals with a significant amount of sensitive data,” says Simon Carter, Division Manager of Executive and Professional Risks at Gow-Gates. “From passport details and visas to payment details and travel itineraries, the information a travel agent or tour operator collects is extremely attractive to cyber criminals, and it’s essential your systems and digital security stand up to the threat today.” The impact of a data breach From a business perspective, a data breach can have huge and long-lasting implications. Firstly, there’s reputational damage. How many people are actively going to choose a company that hasn’t looked after customer data? Secondly, there’s the operational disruption of the breach and the subsequent investigation, followed by the need to review and change business practices. Lastly, consider the direct repercussions of the breach, specifically the legal implications that could follow. Add to that the financial costs – an average of $39,000 per business in 2021-22 – and it’s clear to see the devastating impact a cyber breach can have. A robust approach to cyber security must be embedded within an organisation to minimise the chances of being affected by a data breach – and it’s important to understand that not just the big players are targeted. “You might think that it’s only companies the size of Optus that cybercriminals will find attractive,” says Simon Carter. “However, that’s not accurate – they will just as readily target smaller businesses, which means, regardless of size, it’s imperative you take cyber security seriously. “While stealing data from an Optus-sized business, for example, may result in greater volumes of data, the reality is it will take greater effort, and the business will have a ready-to-go response mechanism. “Smaller businesses can be easier to get into – as we saw with Inspiring Vacations – and how the business responds may not be as firmly established. How to prevent a data breach You cannot eliminate the threat of a cyber breach entirely. However, you can reduce the risk by having robust business practices, including on-time software updates and continual cyber education for employees. Key things that every business should be doing include: 1. Ensuring all software is updated regularly. This means known weaknesses are strengthened, and the most up-to-date software is in place. 2. Running regular cyber security awareness sessions for employees, continually talking about cyber security as everyone’s responsibility, and helping employees spot potential threats. A huge number of cyber breaches are directly or indirectly the fault of human error, such as people clicking on a suspicious link. 3. Ensuring multi-factor authentication (MFA) is enabled where available. 4. Having a documented cyber security policy that details the expectations of employees, plus how the business will respond in the event of an attack. For more advice on how to prepare your business to cope with cyber threats, take a look through the Government’s business cyber security checklist. The OAIC also has some valuable information to help businesses reduce the risk. Of course, having the right insurance cover for a cyber breach is essential. Insurance provides an excellent safety net should all mitigation efforts fail, and by working with a broker, underwriter and insurer, you can embed solid practices and mitigation strategies into your every day. “Speak to your broker about the cover your business needs,” says Simon Carter. “Some cyber exposure may be covered under a Directors and Officers policy, while other exposure may need a dedicated cyber policy.” The importance of getting your cyber security right As illustrated by the Inspiring Vacations breach, every company is a potential victim of cybercrime. Do you have the right mitigation strategies in place, or are you effectively crossing your fingers and hoping for the best? Speak to one of our Travel Team today, and we can help you protect your business from the threat of cybercrime. Katie Robinson | Team Manager – krobinson@gowgates.com.au Sandra Hall | Account Executive – shall@gowgates.com.au Alana Strassmeir | Assistant Account Broker – astrassmeir@gowgates.com.au Related Articles ATIA Highlights the Critical Role of Travel Advisors This Global Travel Advisor Day The Australian Travel Industry Association (ATIA) is using Global Travel Advisor Day (7 May 2025) to highlight the critical contribution accredited travel businesses and their incredible staff make every day to safer, smarter travel and championing their value as trusted professionals supporting millions of Australians. Travel has a new home – the Australian Travel Industry Association (ATIA) The Australian Travel Industry has a new peak industry body representing travel agents and advisors, tour operators, consolidators and wholesalers replacing the Australian Federation of Travel Agents (AFTA) effective today. Golden Age of Travel Agents: Industry Hits Back at Misleading KPMG Report The Australian Travel Industry Association (ATIA) has rejected claims in KPMG’s latest research report that the travel agent profession is in decline, describing the findings as misleading and disconnected from both real-time industry activity and government-backed projections. ATIA and My First Job Launch “The Travel Gap” to Expand Travel Workforce The Australian Travel Industry Association (ATIA) has joined forces with My First Job, the innovative youth employment platform, to launch The Travel Gap, a new initiative designed to inspire and support school leavers in discovering exciting, real-world careers within Australia’s travel industry. ATIA unveils game-changing initiatives at inaugural Beyond Borders Summit The Australian Travel Industry Association (ATIA) has announced a series of landmark initiatives aimed at reshaping Australia’s travel sector at the first-ever Beyond Borders Summit in Sydney. Traveldream.com.au issues highlight importance of choosing only ATIA-accredited travel businesses The Australian Travel Industry Association (ATIA) is aware of reports of the collapse of Traveldream.com.au. Showing 0 Comment Comments are closed.