TripAdvisor’s Viator Notifies 1.4 Million Customers about Site and Mobile Data Breach


Skift Take

Viator waited around 17 days from when it learned of the data breach before notifying customers. That is shameful. Unfortunately for Viator, it is a helluva way to join the TripAdvisor family as TripAdvisor gets more involved in ecommerce on a number of fronts.

Viator, the tours and activities provider acquired by TripAdvisor this summer, is notifying 1.4 million customers that a data breach affecting its websites and mobile offerings may have compromised their credit and debit card numbers, email addresses, and other personal information.

Viator posted notices online September 19 about the breach, although the company learned of a problem 17 days earlier when its payment card service provider informed Viator about unauthorized charges on “a number” of customers’ credit cards.

Of the ongoing investigation into what happened, Viator states:

“We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.”

Viator states that its forensic team is still confirming what happened, but it believes the following customer data may have been compromised: customer name; physical address; encrypted debit/credit card number; card’s expiration date; Viator account information, including email address, encrypted password and Viator nickname.

Viator does not collect debit card PINs so these were not compromised, Viator states.

In addition to notifying customers, Viator urges customers to monitor their financial accounts, and it is offering U.S. customers identity protection and credit card monitoring services for free. It is also exploring what similar services are available for customers abroad.

“Responding properly to this incident is our top priority, and we are committed to taking all appropriate steps to safeguard our customers’ personal information,” Viator states. “For over 10 years, Viator’s mission has been dedicated to offering travelers the best tours and activities worldwide, and to delivering a superior experience in all our customer interactions.”

Here’s an FAQ about the incident.

The data breach could also have negative repercussions for parent company TripAdvisor, which welcomed Viator into the family August 11 — three weeks before the breach occurred.

The negative repercussions could be in the reputational sense. A TripAdvisor spokesperson is quick to point out that Viator’s and TripAdvisor’s platforms are not integrated.

“Viator and TripAdvisor are operated on separate systems with different design and security attributes, and with no overlap,” says TripAdvisor spokesperson Kevin Carter.

On the timing of notifying customers, a spokesperson for Viator says: “Viator began investigating immediately to understand the facts, determine the scope, and confirm the customers impacted. Communicating to customers was a priority and we were just this week able to determine the number of potentially impacted customers through our investigation. The investigation is ongoing but we communicated what we know at this time.”

“Viator deeply regrets any inconvenience and concern this incident may cause to their customers,” the spokesperson adds. “Right now, Viator’s highest priority is the safety and security of their customers’ information and maintaining the security of the site for travelers.”
