The travel trade association, ABTA, says its website has been hacked.
The personal information of thousands of holidaymakers on abta.com could be affected by the cyber attack.
As many as 43,000 people are potentially impacted, but the organisation says only around 13,000 had detailed personal information on the site.
Emails, addresses and phone numbers may be included in the hacked information.
The travel body says it knew about the data breach on March 1st and it occurred on 27th February, but has only today alerted those affected. It claims that it acted as quickly as it could and that it has taken time to gather all necessary information before going public.
The organisation says its website's vulnerability has now been fixed. In a statement it says "We are not aware of any information being shared beyond the infiltrator. We are actively monitoring the situation, but as a precautionary measure we are taking steps to warn customers".
The travel organisation is sending alerts to 29,000 website users giving advice on what precautions they should take.
Around 1,000 people had uploaded details of their holiday complaints, which could include photos and documentation.
Passwords used by ABTA members and customers may also have been accessed.
The Information Commissioner and police have been alerted.
ABTA blames an " external infiltrator exploiting a vulnerability" and says no banking details have been compromised.