Global tours and activities provider Viator is notifying more than one million customers that their personal data – including payment card information – may have been compromised in a data breach.
How many victims? Roughly 1.44 million.
What type of personal information? For about 880,000 customers, encrypted credit and debit card numbers, card expiration dates, names, billing addresses and email addresses, and possibly Viator account information, including email addresses, encrypted passwords and Viator nicknames. For approximately 560,000 customers, Viator account information, including email addresses, encrypted passwords and Viator nicknames.
What happened? An investigation is ongoing.
What was the response? Viator is notifying customers believed to have personal information compromised, and is offering them free identity protection and credit monitoring services. Viator is conducting a full audit of its security systems, applying additional security measures, reinforcing and improving its intrusion detection and prevention systems and firewalls, reinforcing and improving its security tools, reviewing and hardening its systems, and eliminating the need to store payment card details in its system. Members are being encouraged to reset their passwords.
Details: Viator was notified by its payment card service provider on Sept. 2 that unauthorized charges occurred on a number of customer credit cards. Three and four digit codes on the back and front of customer payment cards are not believed to have been compromised. Debit PIN numbers are not collected by Viator and could not be compromised.
Quote: “We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems,” according to a notification on the Viator website.