AA Traveller has apologised to customers after a breach that could have seen the data of thousands of users compromised.
Between 2003 and 2018, AA Traveller operated a website that allowed customers to make travel bookings, enter competitions and take part in surveys. However, a number of those customers have now had their personal information compromised in a security incident.
"We sincerely apologise about this situation and any inconvenience it may be causing," the company said. "The vulnerabilities have been addressed and the personal information on this system has been secured."
AA Traveller said it had recently discovered the vulnerability in an application where website information was stored.
"Since becoming aware of the issue, AA Traveller immediately moved to remedy the vulnerability and have been working with cyber security advisors to investigate this situation," the company said.
AA Traveller was also working on a detailed forensic investigation while the information on the application had been removed and secured.
The compromised system is no longer being used.
"The Privacy Commissioner was notified as soon as practicable after AA Traveller became aware of the breach, and notification to individuals are being sent now after confirmation that appropriate measures are in place to adequately address security risks to other information," AA Traveller said.
Customers could reduce risks to themselves by remaining vigilant to phishing emails or scam communications from organisations claiming to be AA Traveller or a financial institution, the company advised.
"You should also continue to be safe online by not responding to any emails or social media communications that you consider suspicious or calls from numbers you don’t recognise."