Recent data breach illustrates travel industry cyber threat


In January, details emerged of a data breach at an Australian travel agency, which saw more than 112,000 records from the company’s database leaked online.

The incident saw details including passport images, travel visas, itineraries and tickets, as well as partial credit card numbers, leaked from the company’s non-password-protected database.

Cyber breaches in Australia have become a persistent threat to businesses over recent years, and while the Optus and Medibank leaks were the most prominent, a number of cyber breaches are reported each day. From July 2022 to June 2023, 895 data breaches were reported to the Office of the Australian Information Commissioner (OAIC), with 42 of those affecting 5000 or more people.

While health service providers, finance companies, recruitment agencies, legal, accounting and management services and insurance businesses are the top five sectors to be affected, the Inspiring Vacations breach illustrates just how attractive travel businesses are to hackers.

“The travel sector deals with a significant amount of sensitive data,” says Simon Carter, Division Manager of Executive and Professional Risks at Gow-Gates.

“From passport details and visas to payment details and travel itineraries, the information a travel agent or tour operator collects is extremely attractive to cyber criminals, and it’s essential your systems and digital security stand up to the threat today.”

The impact of a data breach

From a business perspective, a data breach can have huge and long-lasting implications.

Firstly, there’s reputational damage. How many people are actively going to choose a company that hasn’t looked after customer data?

Secondly, there’s the operational disruption of the breach and the subsequent investigation, followed by the need to review and change business practices. Lastly, consider the direct repercussions of the breach, specifically the legal implications that could follow.

Add to that the financial costs – an average of $39,000 per business in 2021-22 – and it’s clear to see the devastating impact a cyber breach can have.

A robust approach to cyber security must be embedded within an organisation to minimise the chances of being affected by a data breach – and it’s important to understand that not just the big players are targeted.

“You might think that it’s only companies the size of Optus that cybercriminals will find attractive,” says Simon Carter. “However, that’s not accurate – they will just as readily target smaller businesses, which means, regardless of size, it’s imperative you take cyber security seriously.

“While stealing data from an Optus-sized business, for example, may result in greater volumes of data, the reality is it will take greater effort, and the business will have a ready-to-go response mechanism.

“Smaller businesses can be easier to get into – as we saw with Inspiring Vacations – and how the business responds may not be as firmly established.

How to prevent a data breach

You cannot eliminate the threat of a cyber breach entirely. However, you can reduce the risk by having robust business practices, including on-time software updates and continual cyber education for employees.

Key things that every business should be doing include:

  1. Ensuring all software is updated regularly. This means known weaknesses are strengthened, and the most up-to-date software is in place.
  2. Running regular cyber security awareness sessions for employees, continually talking about cyber security as everyone’s responsibility, and helping employees spot potential threats. A huge number of cyber breaches are directly or indirectly the fault of human error, such as people clicking on a suspicious link.
  3. Ensuring multi-factor authentication (MFA) is enabled where available.
  4. Having a documented cyber security policy that details the expectations of employees, plus how the business will respond in the event of an attack.

For more advice on how to prepare your business to cope with cyber threats, take a look through the Government’s business cyber security checklist. The OAIC also has some valuable information to help businesses reduce the risk.

Of course, having the right insurance cover for a cyber breach is essential. Insurance provides an excellent safety net should all mitigation efforts fail, and by working with a broker, underwriter and insurer, you can embed solid practices and mitigation strategies into your every day.

“Speak to your broker about the cover your business needs,” says Simon Carter.

“Some cyber exposure may be covered under a Directors and Officers policy, while other exposure may need a dedicated cyber policy.”

The importance of getting your cyber security right

As illustrated by the Inspiring Vacations breach, every company is a potential victim of cybercrime. Do you have the right mitigation strategies in place, or are you effectively crossing your fingers and hoping for the best?

Speak to one of our Travel Team today, and we can help you protect your business from the threat of cybercrime.

Katie Robinson | Team Manager –

Sandra Hall | Account Executive –

Alana Strassmeir | Assistant Account Broker –

Let's Connect

Discover the difference our expertise can make.

Speak directly with a member of our team.

Call +61 2 8267 9999


Leave us a message