Online TripAdvisor Viator.com has been reportedly hit by a massive data breach compromising personal details of more than 1.4 million customers.
The San Francisco-based Viator, which TripAdvisor acquired for $200 million back in July, confirmed that it has already sent emails to the affected customers notifying them that their credit- and debit-card numbers along with other personal information such as email addresses, names, and postal addresses may have been compromised in the breach.
Viator, in a press release, said that it came to learn about the security breach on September 2 after the company’s payment card service provider informed it about unauthorized usage of credit cards belonging to its customers. The company, however, announced the breach 17 days later, on September 19, when it posted a notice on its website.
Viator stated that the company is notifying approximately 880,000 customers who may have had their payment card information (encrypted credit or debit card number, card expiration date, name, billing address and email address), and possibly their Viator account information (email address, encrypted password and Viator “nickname”) compromised. In addition, the company is also notifying 560,000 customers whose Viator account information may have been affected (email address, encrypted password and Viator “nickname”).
The travel advisor said that they believe that the CVV number, which is a three or four number code printed on back of the customer’s credit card, may not have been breached.
Viator said that it has hired forensic experts to figure out exactly how the company’s systems were compromised, and what steps should be taken in order to secure Viator’s systems from future attacks.
Meanwhile, Viator has advised affected customers to regularly monitor their card activity and report any fraudulent charges. The company is offering US customers identity protection and credit card monitoring services for free.
