Now that's a bad trip: 880k credit cards 'likely' stolen by Orbitz hackers

Vacation-booking biz Orbitz has warned that sensitive details on as many as 880,000 credit cards have "likely" been stolen from its servers by hackers. In a statement today, US-based Orbitz said it discovered evidence of an intrusion on one of its legacy platforms on March 1, and called in a third-party forensics team. It now …

  1. Anonymous Coward

    The fines need to become much higher

    Until it's very costly to expose personal data, these large companies will continue their lack of security. There is little security concern until after their servers have been hacked.

    1. Anonymous Coward

      Re: The fines need to become much higher

      It’s a US company. Does that country even have adequate data protection laws and regulators? I mean, their banks are only just starting to roll out Chip and PIN cards now, many years after most other countries (not directly relevant to online payments, but still).

    2. Voidstorm

      Re: The fines need to become much higher

      Until the fines exceed the cost of security, there will be no incentive to fix stuff like this.

  2. Anonymous Coward

    Cardholder verification codes

    What?! I thought it was supposed to be an absolute payments handling no-no to store CVC codes for any longer than the brief moment required to verify card details at the time of payment (as their purpose is to ensure that the person making the payment physically has the card in their possession)? So, although you can store the credit card number for convenience for any future transactions, not the CVC.

    Someone should surely be in very deep trouble for specifying and setting up their system to do that!

    1. joed

      Re: Cardholder verification codes

      Also, why would Orbitz also ask for date of birth and other stuff that had nothing to do with travel payment? Or is it that foolish customers volunteered this data (at their own peril)?

      1. yoganmahew

        Re: Cardholder verification codes

        DOB, address, ID details are required by most countries for cross border travel and identity verification. It's not that it has to do with travel payment, it's that you can't travel without it. As ecommerce transactions are typically one-shot (few respond to follow-ups), all the information for the journey needs to be collected at first point of contact, where possible. Lazy programming and changing (at short notice) requirements for data collection (from governments) mean a wide net is cast, even where not necessary at the point of the journey.

  3. Denarius

    is it time

    to start using cash again? I also remember a verification card that allowed cheques to be used for payment at arbitrary places. Minimal if any fees too.

    1. Anonymous Coward

      Re: is it time

      As long as the War on Cash is going on, I wouldn't stick my head out.

  4. Denarius

    Fines

    I doubt fining companies will have any effect. Changing corporate law so the overpaid boards and PHB class, especially at the top, have little to no protection from legal action under corporations or company law may. Nothing like joint and several liability to drive home that this is serious. Until then, only shareholders bear the costs, not the management that created the disaster.

  5. ThatOne Silver badge

    [expletive]

    "We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers shareholders and partners."

    Fixed it for them.

    Why would they care, for them it's just a minor incident. Who cares about the people who risk losing money, getting their identity stolen and their lives ruined? "Oh, so sorry; now get lost and don't you dare make any trouble."

  6. Anonymous Coward

    'Ensuring personal data of our customers / partner customers is very important to us'

    If only we all got a Bitcoin for every time a shitty corp said that. I opt to never store CC info with travel sites. But they probably cache / store them anyway. Plus, after so much consolidation / collusion, is there any real online travel market anymore??? Only 2 main operators now. Plus all the fines for collusion with other travel operators and hotels - How very Uber!!!

    1. Anonymous Coward

      'Only 2 main operators'

      #1.

      Expedia.com: Hotels.com - Travelocity - Orbitz (ebookers) - Venere - Trivago (61%) - Despegar.com (stake)

      #2.

      Priceline.com: Booking.com – Kayak – Cheapflights etc etc

      =

      http://www.chicagotribune.com/lifestyles/travel/chi-travel-web-sites-story.html

      https://skift.com/2015/03/10/expedia-makes-270-million-dollar-investment-in-latin-americas-decolar/

      https://www.usatoday.com/story/travel/columnist/mcgee/2015/03/04/airline-mergers-expedia-orbitz/24319965/

      https://skift.com/2015/02/12/expedia-vs-priceline-adding-up-the-acquisitions/

      =

      http://colombiareports.com/colombia-slaps-massive-fine-booking-com/

      http://www.theregister.co.uk/2014/05/21/italy_competition_watchdog_tripadvisor_expedia/

      https://www.connexionfrance.com/Archive/Expedia-fined-for-duping-clients

      http://www.bighospitality.co.uk/Legislation/IHG-hotel-deals-with-Expedia-and-Booking.com-investigated-by-OFT

  7. EnviableOne

    The travel industry is another one that needs taking to task over data security; the whole network is holes, not just the agents, but the booking frameworks, pre-checking and flight data, miles and rewards, etc.

    But until DS is on the same footing as H&S (Directors are criminally responsible) and the fines actually hit the bottom line hard, there will be no improvement.

  8. TrumpSlurp the Troll

    Year free credit monitoring

    I wonder how many people have two or more of these for the same year? If so, the value of the offer is trivial at best.
