A number of popular travel sites have alerted customers of fraudulent emails and SMS messages posing as the legitimate companies in an attempt to lure users into disclosing their personal information. According to reports, a similar notice was recently sent out to customers of online travel agencies Travelocity and Hotels.com, as well as their parent company, Expedia. The email notified users the company had been made aware of an individual posing as a representative, and of the unauthorized access by that individual of customer names, phone numbers, email addresses and travel bookings. Expedia’s Head of Communications Sarah Gavin stated that the data had not been stolen from Expedia, but rather a third-party.
“The data was stolen by a criminal who successfully phished a partner hotel and obtained that hotel’s login credentials, subsequently stealing names and other information about consumers who had used the Expedia system recently to book a stay at that hotel,” read the report.
She added that the theft was limited to consumers who had booked at the specific hotel. However, the name of the hotel has not been disclosed at this time. Although the email notice sent to customers stressed that credit card data was not compromised, the travel booking services encouraged users to take cautionary steps when receiving these fraudulent emails and messages. “We will never request sensitive or financial information nor require you to transfer money to any account via an email or SMS message,” read the notice.
Notice sent to Travelocity.com customers
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
