Digital Booking Sites

Ctrip Concedes Credit Card Breach at a Very Inopportune Moment

Mar 24, 2014 3:00 am

Skift Take

The data breach at Ctrip comes as Chinese travelers are rapidly discarding the call center option for online and mobile transactions. Such compromising of customers’ credit card data undermines confidence in China’s online booking market.

— Jason Clampet

Free Report: The State of Student Travel

Ctrip

China online travel agency Ctrip admits that some customers had their credit card information hacked into. Ctrip


Ctrip, China’s largest online travel agency, conceded that some customers’ credit card information has been compromised.

Such a breach is never good, but this one occurs just as Ctrip seeks to woo more outbound Hong Kong travelers with the launch of a dedicated Hong Kong website.

And, company officials obviously will be hoping that news of the data breach won’t slow its push for greater online and mobile adoption, which reached more than 65% of its transactions in the fourth quarter, up from around 50% a year earlier.

Ctrip says a third-party website focused on Internet security — reportedly WooYun.org —¬†informed the company March 22 that customers’ credit card information was susceptible to hacking as it was stored on local servers that Ctrip maintained.

After conducting an investigation, Ctrip says the third-party website “might have” downloaded credit card information from 93 customers to confirm the potential risks. Ctrip says it isn’t aware of any customers suffering financial losses or damages.

Ctrip claims this customer data had been stored on the local servers because of a “temporary” test, and Ctrip “removed the cause of the potential security concern within two hours” of being alerted to the problem.

Ctrip says it made public statements in China to inform customers of the breach, has set up phone lines for customers to call about the breach, and has invited the “security white hat” to work with Ctrip to improve its security.

Ctrip has also established a RMB5 million ($800,000) fund “to reward people and institutions who can effectively help Ctrip improve the security practice.”

Tags: , ,

Follow @jasonclampet

Next Up

More on Skift

Expedia Expects to Get Pressured by TripAdvisor, Its Largest Search Partner
Skift Business Traveler: American and US Airways Reveal a Sensible Combined Mileage Program
B2B Travel Startups Need to Show Personality on Social Media
Free Webinar: How To Effectively Personalize Marketing Across Travel Sectors