Skip to content ↓ | Skip to navigation ↓

It was announced this week that at least 880,000 customers of the travel site Viatour have been affected by a breach, potentially compromising payment card data, email addresses, usernames and passwords of registered users.

Viatour, purchased by TripAdvisor earlier this year, also stated it expects to notify an additional 560,000 customers whose information may have been affected, totaling 1.4 million affected users.

According to an official statement, the company became aware of the breach only after its third-party payment card service provider alerted it to a number of fraudulent charges on customer accounts.

The company has since hired forensic experts to further investigate the incident but details of how the attack was was carried out are yet unclear. However, speculation from the breach suggests that the information may not have been as strongly protected as it should have been and whether Viatour could have approached the incident with more criticality.

“Now while I commend them for bringing this information forward in relatively short order I’m troubled that they have not reset all of their customer passwords,” said Dave Lewis in a CSO Online article. “Instead they are recommending that customers change their passwords.”

News of this event comes on the heels of a number of other recent high-profile breaches, including Home Depot. The nationwide home improvement retailer announced a six-month-long intrusion in their systems, compromising a total of 56 million customer credit cards and taking the title as the biggest retail breach ever.

In the meantime, the travel site is offering free identity protection services, including credit monitoring, for US-based customers. As always, Viatour encourages customers reset their passwords and watch their payment accounts closely for suspicious charges.

Read More Here…

Hacking Point of Sale
  • ulfmattsson

    I think it is time to stop the epidemic of data breaches. It is time to secure sensitive data across the entire data flow.

    Modern approaches like data tokenization can be implemented in the terminal at the point where the payment card is swiped.

    Studies have shown that users of data tokenization experience up to 50 % fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) than non-users. More secure than encryption.

    We should use this approach to also secure personal information across the entire data flow, in memory (against malware), in transit and at rest.

    Ulf Mattsson, CTO Protegrity