TripAdvisor stock was down 4% on Monday and trading around 94 as word circulated about a recent data breach at its tour booking and review website, Viator.

Viator published a press release on September 19 informing customers of a serious breach of their systems.

An investigation is currently underway and Viator is in the process of notifying roughly 1.4 million of its customers of the breach.

Viator’s press release states:

‘We are notifying approximately 880,000 customers whom we currently believe may have had their payment card information (encrypted credit or debit card number, card expiration date, name, billing address and email address), and possibly their Viator account information (email address, encrypted password and Viator “nickname”) compromised. We have no reason to believe at this time that the three or four digit code printed at the back or front of customers’ cards were compromised. Additionally, debit PIN numbers are not collected by Viator and could therefore not be compromised.’

‘In addition, we are notifying approximately 560,000 customers whose Viator account information may have been affected (email address, encrypted password and Viator “nickname”).’

Details of how the breach occurred are scarce but Viator has forensic experts on task to find the root of the attack.

Viator is offering free identity protection and credit monitoring services to affected customers based in the US.

TripAdvisor has confirmed that this breach only affects Viator customers and not TripAdvisor users.

Click here to view other recent data breaches and cyber attacks.

Subscribe to the IT Governance Blog for updates

[email-subscribers namefield=”YES” desc=”” group=”Public”]