Travel Site Breach Impacts 1.4 MillionPayment Card Details Potentially Exposed
Travel-booking website Viator is notifying approximately 1.4 million customers about a data breach that could potentially affect payment card data, along with other personal information, used to make bookings through the company's websites and mobile offerings.
In August, Viator officially became part of the TripAdvisor family of companies after an acquisition originally announced in July.
On Sept. 2, Viator was informed by its payment card service provider that unauthorized charges occurred on a number of its customers' credit cards. The company hired forensic experts, notified law enforcement and launched an investigation into the incident, according to a notice posted to Viator's website.
Although the investigation is ongoing, Viator has determined that approximately 880,000 of its customers may have had their payment card information - including encrypted credit or debit card number, card expiration date, name, billing address and e-mail address - compromised. In addition, those customers may have had their account information, such as encrypted password and Viator "nickname," exposed.
"We have no reason to believe at this time that the three or four digit [security] code printed at the back or front of customers' cards were compromised," Viator says. "Additionally, debit PINS are not collected by Viator and could therefore not be compromised."
Approximately 560,000 customers may have had just their account information, and not payment card information, compromised, the company says.
Viator is offering affected individuals in the U.S., UK and Canada free identity protection services, including credit monitoring, for one year, a spokesperson said to Information Security Media Group.
Users are being asked to reset their passwords on the Viator website, and any other site where the same password is used.