TripAdvisor's Viator service said credit card information for some 880,000 of its users has been compromised in a data breach where customer data for 1.4 million subscribers was taken. Unauthorized charges have been showing up on some subscriber's cards, and TripAdvisor is currently saying it isn't sure how the attackers gained access to the user data.
880,000 creditcards stolen in Viator data breach
Viator issued a statement saying,
On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers' credit cards. We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.
The company said the attackers made off with encrypted credit and debit card numbers, card expiration dates, names, billing addresses and email addresses. Viator user names and passwords may have been compromised, too.
An additional 560,000 Viator subscribers may have had their user names and passwords taken, too.
TripAdvisor isn't the first company to suffer a serious data breach involving customer credit cards. Target and Home Depot, for example, both found themselves in the middle of similar situations and have been dealing with the fallout and PR headaches.
Viator added, "We are offering free identity protection services, including credit monitoring, for our customers in the U.S. We continue to explore whether there are appropriate comparable options for our customers outside the U.S. who may have been affected by this compromise."
The good news for TripAdvisor customers that don't use Viator is their data wasn't compromised. "This is an isolated incident for some Viator customers," a TripAdvisor spokesperson told The Mac Observer. "Viator and TripAdvisor are operated on separate systems with different design and security attributes, and with no overlap."
[Updated with clarification and statement from TripAdvisor]