Viator is making customers aware that we have experienced a data compromise that could potentially affect payment card data used to make bookings through Viator's websites and mobile offerings.
For those customers who created a Viator account, this compromise may also affect the email address, password and Viator "nickname" associated with the account. Protecting the security of our customer information is paramount, and we are taking immediate steps to investigate and determine the full scope of the compromise. We deeply regret any inconvenience this may cause.
On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers' credit cards. We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.
While our investigation is ongoing, we are in the process of notifying approximately 1.4 million Viator customers, who had some form of information potentially affected by the compromise:
We are notifying approximately 880,000 customers whom we currently believe may have had their payment card information (encrypted credit or debit card number, card expiration date, name, billing address and email address), and possibly their Viator account information (email address, encrypted password and Viator "nickname") compromised. We have no reason to believe at this time that the three or four digit code printed at the back or front of customers' cards were compromised. Additionally, debit PIN numbers are not collected by Viator and could therefore not be compromised.
In addition, we are notifying approximately 560,000 customers whose Viator account information may have been affected (email address, encrypted password and Viator "nickname").
We recommend that all affected customers monitor their card activity and report any fraudulent charges to their credit card company. Customers will not be responsible for fraudulent charges to their accounts if they are reported in a timely manner.
For extra assurance, we are offering free identity protection services, including credit monitoring, for our customers in the U.S. We continue to explore whether there are appropriate comparable options for our customers outside the U.S. who may have been affected by this compromise.
We also are encouraging members to reset their passwords on the Viator site, and on any other sites where they used the same password.
Responding properly to this incident is our top priority, and we are committed to taking all appropriate steps to safeguard our customers' personal information. For over 10 years, Viator's mission has been dedicated to offering travelers the best tours and activities worldwide, and to delivering a superior experience in all our customer interactions.