Popular travel website, Viator, has notified approximately 1.4 million customers that personal information including payment card data and user credentials may have been compromised in a data breach. Viator(dot)com is prominently known for their massive travel review website, TripAdvisor.
San Francisco-based company, Viator, which specializes in reviews of travel-related content, announced the breach late last week, informing its customers approximately two weeks after their payment card service provider notified the company that unauthorized charges had occurred on a number customers’ credit cards.
“On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers’ credit cards,” Viator wrote. “We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.”
“While our investigation is ongoing, we are in the process of notifying approximately 1.4 million Viator customers, who had some form of information potentially affected by the compromise.”
During the company investigation, they found cybercriminals broke into their internal database and accesses customers payment card data, which includes encrypted versions of credit and debit card data, card expiration dates, names, billing and email addresses of approximately 880,000 customers. 560,000 were reported to have had their Viator email address, encrypted password and Viator nickname compromised.
In hopes of easing the news, Viator has said customers three or four digit security codes, CVV or PIN numbers have not been compromised or accessed in the breach.
For affected customers in the United States, Viator is offering free identity protection and credit monitoring services as well as searching for similar solutions for customers outside the U.S.
As the breach was reported to have happened near the beginning of this month, the public and customers were just made aware, causing concern throughout the security community.
“The bad news is that the breach took place a good few weeks ago yet we’re only just hearing about it,” malware intelligence analyst, Christopher Boyd wrote. “The good news is that if you haven’t experienced a fraudulent transaction yet, you may be in the clear. Stolen payment data doesn’t tend to get stockpiled for too long because the people sitting on it know it’s only a matter of time before someone, somewhere notices and has the card cancelled”
Viator is primarily known for offering travel suggestions and giving the option to purchase day trips, tours, vacations and dinner vouchers through their services. Viator acquired TripAdvisor, the world’s largest travel site, for £122 million (about $200 million) back in July.