Digital Booking Sites

Ctrip Concedes Credit Card Breach at a Very Inopportune Moment

Mar 24, 2014 3:00 am

Skift Take

The data breach at Ctrip comes as Chinese travelers are rapidly discarding the call center option for online and mobile transactions. Such compromising of customers’ credit card data undermines confidence in China’s online booking market.

— Jason Clampet

Come Attend the Best Conference in Travel

Free Report: The Megatrends Defining Travel in 2015


China online travel agency Ctrip admits that some customers had their credit card information hacked into. Ctrip

Ctrip, China’s largest online travel agency, conceded that some customers’ credit card information has been compromised.

Such a breach is never good, but this one occurs just as Ctrip seeks to woo more outbound Hong Kong travelers with the launch of a dedicated Hong Kong website.

And, company officials obviously will be hoping that news of the data breach won’t slow its push for greater online and mobile adoption, which reached more than 65% of its transactions in the fourth quarter, up from around 50% a year earlier.

Ctrip says a third-party website focused on Internet security — reportedly WooYun.org —¬†informed the company March 22 that customers’ credit card information was susceptible to hacking as it was stored on local servers that Ctrip maintained.

After conducting an investigation, Ctrip says the third-party website “might have” downloaded credit card information from 93 customers to confirm the potential risks. Ctrip says it isn’t aware of any customers suffering financial losses or damages.

Ctrip claims this customer data had been stored on the local servers because of a “temporary” test, and Ctrip “removed the cause of the potential security concern within two hours” of being alerted to the problem.

Ctrip says it made public statements in China to inform customers of the breach, has set up phone lines for customers to call about the breach, and has invited the “security white hat” to work with Ctrip to improve its security.

Ctrip has also established a RMB5 million ($800,000) fund “to reward people and institutions who can effectively help Ctrip improve the security practice.”

Tags: , ,

Follow @jasonclampet

Next Up

More on Skift

Expedia-Orbitz Merger Approval Could Be Soon as U.S. Senators Ask Justice Department to Take Hard Look
Interview: Etihad CEO on Disrupting Alliances and the Passenger Experience
Tourism Australia Loads up on Content for Aboriginal Travel Campaign
How Singapore is Building the City of the Future