Cyber Incident Victim: Association of Canadian Travel Agencies and Travel Advisors

On April 21, 2025, the Association of Canadian Travel Agencies and Travel Advisors (ACTA) detected a cybersecurity incident involving unauthorized access to its email system. The organization promptly engaged IT specialists and forensic experts to investigate and contain the breach, which occurred earlier that month. ACTA President Suzanne Acton-Gervais communicated details of the incident to members via a letter dated July 29, 2025, confirming the compromise affected data stored within the email environment. The investigation determined that personal information from ACTA member profiles existing on or before April 21, 2025, may have been accessed by unauthorized parties. No evidence indicated compromise of financial or payment information systems. ACTA implemented immediate containment measures and reported the incident to relevant authorities while continuing forensic analysis to determine the full scope of access.

The breach potentially exposed member profile data maintained within ACTA's email system, though investigators found no indication of subsequent misuse. ACTA established a dedicated portal allowing members to review which profile information resided in the affected email environment during the breach timeframe. As a precautionary measure, the organization advised members to monitor accounts for unusual activity, update passwords, and exercise caution when sharing personal information. ACTA implemented additional security safeguards following the incident and designated Privacy Officer Avery Campbell as the primary contact for member inquiries. The association issued a formal apology for any inconvenience caused while reaffirming its commitment to data security and ongoing support for Canada's retail travel sector through enhanced protective measures.