TripAdvisor security breach leaks 1.4 million customers’ details
Tue 23 Sep 2014
Travel company Viator, purchased last month for £122mn ($200mn) by online review giant TripAdvisor, has suffered a security breach enabling criminals to gain access to the confidential details – including payment details – of 1.4 million registered Viator customers.
According to the official announcement, the company was informed by its payment card service provider on 2nd September that unauthorised charges had been made to an undisclosed number of its customers’ credit cards.
Viator is separately notifying the 880,000 customers who had payment details saved with their account information, though the announcement states that neither debit PIN numbers nor four-digit security codes will have been compromised by the attack.
The theft was discovered via the bookings system underpinning the company’s sites. Viator is offering credit monitoring to U.S. customers who may have been affected by the compromise, and are ‘encouraging’ members to change their passwords, both at Viator and on any other sites that could be collaterally compromised by the use of duplicate sign-in details. No monitoring provision has been announced for non-U.S. customers at this time.
The announcement concludes: “Responding properly to this incident is our top priority, and we are committed to taking all appropriate steps to safeguard our customers’ personal information.”
While no details have been released as to how the intruders gained access to the customer database, Viator says that ‘[we] have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.’
Some criticism has been forthcoming about the delay in making the information public. Even though the password tables in the customer database were encrypted, delays in response inevitably mean that an increasing number of them will become compromised, particularly if the passwords are weak.
Viator is an ecommerce hub trading in tours and attractions all over the world, and only one of a string of acquisitions over the last five years for TripAdvisor, which acquired UK holiday rental website holidaylettings.co.uk in 2010, Travel Facebook app Where I’ve Been the following year, and three New York based websites and apps in the following two years.
TripAdvisor’s NASDAQ shares dropped by four per cent when news of the security breach arrived at the markets.