recommended reading

Threatwatch

1.4 Million Viator Travel Site Users Affected by Payment and Account Breach

Network intrusion; Stolen credentials; User accounts compromised

Viator learned of the incident on Sept. 2 when a payment card service provider notified the tours and activities website of unauthorized charges made to a number of customers’ credit cards.

It is unclear how systems at the company, now owned by TripAdvisor, were compromised.

The breach could have exposed card data, as well as customer email addresses, passwords and usernames for Viator online accounts.

The card data that was possibly stolen had legitimately been used to book trips through Viator’s website or apps.

As of Sept. 19, the company was in the process of alerting clients who had some form of information potentially compromised.

About 880,000 customers might “have had their payment card information (encrypted credit or debit card number, card expiration date, name, billing address and email address), and possibly their Viator account information (email address, encrypted password and Viator ‘nickname’) compromised,” a breach notice states. “In addition, we are notifying approximately 560,000 customers whose Viator account information may have been affected (email address, encrypted password and Viator ‘nickname’).”

There is no evidence right now that security numbers located on the back of cards were accessed.

sector

Hospitality

reported

September 22, 2014

reported by

Travel Trends

number affected

1.4 million customers

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

September 02, 2014