The credit card details of up to 880,000 Viator.com customers may have been “compromised” in a massive security breach while it also appears the website accounts of another 560,000 people were hacked.
Viator, a tours and activities website, first became aware of the cyber security attack in early September and is still coming to terms with the scope of what has actually occurred.
“Protecting the security of our customer information is paramount, and we are taking immediate steps to investigate and determine the full scope of the compromise,” the company, which is now owned by TripAdvisor, said in a statement.
“On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers’ credit cards.
“We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.
“We are notifying approximately 880,000 customers whom we currently believe may have had their payment card information (encrypted credit or debit card number, card expiration date, name, billing address and email address), and possibly their Viator account information (email address, encrypted password and Viator “nickname”) compromised.
“We have no reason to believe at this time that the three or four digit code printed at the back or front of customers’ cards were compromised.
“Additionally, debit PIN numbers are not collected by Viator and could therefore not be compromised.
“In addition, we are notifying approximately 560,000 customers whose Viator account information may have been affected (email address, encrypted password and Viator “nickname”).”