Digital Booking Sites

Ctrip Concedes Credit Card Breach at a Very Inopportune Moment

Mar 24, 2014 3:00 am

Skift Take

The data breach at Ctrip comes as Chinese travelers are rapidly discarding the call center option for online and mobile transactions. Such compromising of customers’ credit card data undermines confidence in China’s online booking market.

— Jason Clampet

The Latest Intelligence on the Travel Industry

Free Report: India Tourism Insights Report


China online travel agency Ctrip admits that some customers had their credit card information hacked into. Ctrip

Ctrip, China’s largest online travel agency, conceded that some customers’ credit card information has been compromised.

Such a breach is never good, but this one occurs just as Ctrip seeks to woo more outbound Hong Kong travelers with the launch of a dedicated Hong Kong website.

And, company officials obviously will be hoping that news of the data breach won’t slow its push for greater online and mobile adoption, which reached more than 65% of its transactions in the fourth quarter, up from around 50% a year earlier.

Ctrip says a third-party website focused on Internet security — reportedly WooYun.org —¬†informed the company March 22 that customers’ credit card information was susceptible to hacking as it was stored on local servers that Ctrip maintained.

After conducting an investigation, Ctrip says the third-party website “might have” downloaded credit card information from 93 customers to confirm the potential risks. Ctrip says it isn’t aware of any customers suffering financial losses or damages.

Ctrip claims this customer data had been stored on the local servers because of a “temporary” test, and Ctrip “removed the cause of the potential security concern within two hours” of being alerted to the problem.

Ctrip says it made public statements in China to inform customers of the breach, has set up phone lines for customers to call about the breach, and has invited the “security white hat” to work with Ctrip to improve its security.

Ctrip has also established a RMB5 million ($800,000) fund “to reward people and institutions who can effectively help Ctrip improve the security practice.”

Tags: , ,

Follow @jasonclampet

Next Up

More on Skift

ProPublica’s New Cruise Data Tool Gives Every Ship a Rap Sheet
Interview: Virginia Tourism CEO on Using Love to Sell a State
TripAdvisor Has a New Analytics Dashboard Aimed at Tourism Boards
Why Hotels Should Bet on Wellness Amenities for Business Travelers