TripAdvisor Data Breach Includes Stolen Email Addresses

On Thursday, March 24, TripAdvisor informed its customers of a data breach in which customers' email addresses were stolen. In an email message to its customers, TripAdvisor Co-founder and CEO Steve Kaufer wrote:

"This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor's member email list. We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement. How will this affect you? In many cases, it won't. Only a portion of all member email addresses were taken, and all member passwords remain secure. You may receive some unsolicited emails (spam) as a result of this incident."

So, TripAdvisor learned about the breach on March 19. According to the breach notice, while the security hole has been repaired, TripAdvisor is still investigating the incident.

This breach notice is a mix of good and not-so-good. First, it is good that TripAdvisor notified its customers quickly. Notification definitely is the right thing to do. Unfortunately, many companies wait several months before notifying breach victims.

Second, since TripAdvisor doesn't store financial information, like credit card numbers or bank account details, the damage appears minimal. Third, TripAdvisor created an FAQ page to help breach victims.

After a breach, a frequently-asked-questions (FAQ) page is helpful, especially for consumers who haven't experienced a data breach before and know little about the risks and what to do next. More companies should create an FAQ page to help their customers after a data breach.

The not-so-good is that the breach notice is short on details. The breach notice didn't state when the breach occurred or the duration of the breach. Nor did it describe the nature of the breach. Some experts speculated that the breach was the result of an SQL injection attack, a popular method used by hackers and identity thieves.

The breach notice mentioned a "portion" of members. A portion could include two percent or 92 percent. Details matter. All of these details are critical to helping customers be informed shoppers.

TripAdvisor's breach notice should have included more details, especially about the nature of the breach or computer hack. It is hard to judge the breach notice's accuracy when details about the vulnerability and hack weren't disclosed.

Hopefully, during the coming days and weeks TripAdvisor will disclose more details about its breach.




I am a member of TripAdvisor and about 2 weeks ago received an email from someone who obviously can't spell saying they were giving me a debit card that I had to pay 214 dollars for. By the way it was written, they were foreigners trying to scam money. Beware.
