Online travel booking and review website Viator has warned 1.4 million of its customers that their account details and credit card information could have been compromised by a recent data breach, of which it was made aware of on 2 September.
The company, recently acquired by TripAdvisor, says it was informed by its payment card provider that unauthorised charges had occurred on a number of customer credit cards and immediately launched an investigation.
It says it hired forensic experts, notified law enforcement agencies and worked to secure its systems before telling users about the breach on 19 September.
“Protecting the security of our customer information is paramount, and we are taking immediate steps to investigate and determine the full scope of the compromise. We deeply regret any inconvenience this may cause.”
Up to 880,000 may have had their card information and personal details compromised, but there is no suggestion that the three or four digit CVV numbers on the rear of the card have been stolen. A further 560,000 may have had their login details stolen.
Viator recommends users change their password for the site, as well as any others using the same credentials, and to monitor their card activity. It says customers will not be charged if they report any fraud within a reasonable amount of time. Free identity protection services will be offered to US users and the company is also investigating the possibility of offering similar services to customers outside the country.
“It’s unfortunate that this latest data breach has taken more than two weeks to come to light,” says Chris Boyd, malware intelligence analyst at Malwarebytes. “Those who are eligible for the free ID monitoring services should take advantage of the offer and keep an eye on their statements. As time goes on, the “valid rate” of any card dump – the best guess percentage of cards which will work versus those already cancelled – will continue to dwindle.
“As Viator have stated they believe the CVV for cards was not collected, it may be a good idea for potential victims to ensure their online logins are secure and not tied to one password while they wait for more information to emerge. As a general rule, customers should always use passwords a lot longer than the suggested minimum of six characters and get into the habit of using password managers to ensure they’re not falling into the trap of password reuse.”
Massive data breaches have impacted a number of US retailers in recent months, with 40 million customers impacted by an attack on Target in 2013. It is believed a recent breach at The Home Depot was even bigger, affecting as many as 56 million people.
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…