  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
TRAVELOCITY ADMITS SECURITY LAPSE ON WEB SITESource: The Associated PressPosted on January 24, 2001 Online travel agency Travelocity.com Inc. acknowledged Tuesday that personal information about some customers was read by some visitors to its Web site. The breach exposed the names, addresses, phone numbers and e-mail addresses of about 45,000 Travelocity customers, said officials of the Fort Worth-based company. Jim Marsicano, Travelocity's executive vice president of sales and service, said the information was stored on a back-office server that was put into use on the company's Web site. The customer information should have been deleted first, but wasn't, he said. "It was not a case of hacking. It was a case of something being left where it shouldn't have been left," Marsicano said. The breach affected customers who entered contests on Travelocity's Web site last year by submitting online forms that asked for some personal information. Marsicano said that customer's credit card information was never exposed, however. By clicking on an advertisement on Travelocity's site, users connected to a page of text written in the Web-page language of html. From there, it was possible for someone familiar with html to reach a Microsoft Excel spreadsheet - without a password - that contained the information about contest entrants, Travelocity officials said. Travelocity was alerted to the breach late Monday by CNet Networks Inc., a San Francisco-based technology-news service. CNet reported that it was tipped about the breach by an executive of an Internet-commerce company. Marsicano said all the people who found the spreadsheet work at the same place, but he declined to identify the company. Marsicano said Travelocity customers whose information was on the compromised spreadsheet are being notified by e-mail. Travelocity officials went to great lengths to draw a distinction between their breach and a series of recent hacking incidents at Internet retailers, some of which exposed customers' credit-card information. Last month, a hacker broke into Egghead.com, causing the technology retailer to notify about 3.5 million customers that their credit-card information might have been compromised. Egghead.com said later that credit-card information was not stolen, but analysts said the incident - along with earlier breaches at creditcards.com, Western Union and RealNames - could undermine consumer confidence in using their credit cards to buy things on the Internet. Thomas Underwood, an analyst at Legg Mason who once worked for Internet retailer Priceline.com, said he was neither surprised nor alarmed by the incident, and he credited Travelocity for owning up to the mistake. "Any news that shows consumers' names being used in ways they didn't envision and can't control can affect consumers' perceptions about using the Internet for retail purchases," Underwood said. "But it happens incrementally. I think this event is immaterial."
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |