News
TripAdvisor’s Viator reports data breach
September 2014 by Voltage Security VP, Mark Bower
This may have been somewhat overshadowed by the Home Depot developments, but TripAdvisor’s stock was down 4% on Monday as word circulated about a recent data breach at its Viator tour-booking and review website - a pretty big breach in e-commerce terms. 1.4 million Viator customers could have had some form of information potentially affected by the compromise.
Commenting on this, Voltage Security VP, Mark Bower, said:
"Online businesses handling large volumes of sensitive data are always at risk of data breaches from advanced attacks. Recent malware variants have focused on stealing live sensitive data in use and in transit and in active processing systems. Even if organisations encrypt disks or servers, it does not reduce the threat of advanced malware capable of stealing live data from active systems. According to the breach reports, credit card data and other personal data was also compromised and exposed from e-commerce and mobile related applications. Security requirements in PCI DSS requires basic protection of card data, but meeting compliance does not protect a company from breach risks. Given today’s advanced threat landscape, organisations need look beyond basic compliance to more contemporary data-centric defence strategies to secure all personal and sensitive data including credit card details. Otherwise they will eventually be another breach victim at the expense of their customers. The good news is data-centric security can be implemented quickly with much more attractive economics than dealing with the cost of a breach, even in e-commerce ecosystems as in this case.”
