January 22, 2001 6:30 PM PST

Travelocity exposes customer information

A security breach at Travelocity exposed the personal information of thousands of the online travel company's customers, the company confirmed Monday.

Names, addresses, phone numbers and e-mail addresses of Travelocity customers who participated in a promotion on its site were exposed. Travelocity executives closed the breach, which involved an insecure directory, on Monday afternoon after it was pointed out.

For more than a month, up to 51,000 names could have been exposed by the breach, said Jim Marsicano, executive vice president of sales and service for Travelocity. Blaming the problem on human error, Marsicano stressed that no customer order information was compromised by the security hole.

"We take this privacy thing very seriously," Mariscano said. But he added, "In this case, we didn't do what we were supposed to do."

Although Travelocity is still investigating the incident, Marsicano said that it stemmed from the transfer of the company's servers from San Francisco to Tulsa last month. As part of the move, some of the company's internal data from two promotional contests that ran last year was inadvertently left on a computer that is now being used as a Web server, he said.

"We had a weak link in this particular transaction and you see the end result," he said.

These kinds of breaches occur when a company gets complacent about security risks, said Richard Power, editorial director of the Computer Security Institute.

"This is an error (of) not dotting their I's or crossing their T's," Power said. "This is a situation where they are probably understaffed, or they haven't understood that they are at risk of somebody poking around."

Travelocity is only the latest site to compromise customer information.

Last month, a hacker broke into Egghead.com, potentially exposing its 3.7 million customer accounts. Weeks later, the company said the hacker didn't gain access to any of the credit card numbers it had on file, but by then many of the credit cards had been canceled by banks or worried customers.

Earlier last year, security breaches or hacker attacks exposed customer and client information at CreditCards.com, Eve.com, IKEA and Amazon.com.

An e-commerce executive, who asked to remain anonymous, reported the security hole to CNET News.com on Monday. The insecure directory allowed anyone to see the customer data without a password.

Travelocity's Web site assures customers of the site's security, saying it uses "the latest encryption technology to ensure that every transaction is safe." The company said it encrypts all personal information after it is entered and transmits the encrypted information over the Internet to a secure server, where it is translated back to its original form and stored in an offline database.

Simple errors like the Travelocity breach have happened all too frequently, said Jason Catlett, president of the spam-fighting group Junkbusters. They stem from companies not devoting enough financial resources and technical expertise to addressing security issues, he said.

"Of course these mistakes shouldn't happen," Catlett said. "There's a rush to be first with a new feature and to get the promotion running rather than making sure all of the doors are locked before they open the front gate."


Join the conversation!
Add your comment
Travelocity misinforms their customers on the phone
The ticket they sell on the phone is different from what you get. Both the itinerary and the price differs! There seems to be no way to claim your rights - the customer agents do not hear you but tell you what they memorized. The don't answer your questions.
Posted by (1 comment )
Reply Link Flag
Travelocity Customer Service Non-existent
I am in the midst of the worst customer service experience I've ever had the misfortune of having.
Having found that Travelocity had charged me twice for the flight I booked my parents for Christmas, I made the misguided assumption that it would easily be resolved. All I had to do was contact Travelocity customer service and have them credit my account. Simple enough, right? Sure, if a customer service department existed which, as far as I can discern, does not. I have just lost two hours of my life listening to crumby on hold music and I am yet to speak to someone. It has been perhaps one of the most frustrating experiences of my life. I just want to speak to someone, anyone!!! My advice to all travellers considering an online travel agent is to avoid Travelocity like the plague. If they don't value their customers enough to have a feasible customer service department, then they are not deserving of our custom.
Posted by kcoughan76 (1 comment )
Link Flag
Travelocity Customer Service is Horrible
When you call the billing phone number you get what I'm sure is a different country (not the USA) where any problems are referred to a fax number where you send a letter. You will be contacted by e-mail within 7-10 days! Unreal. I can't seem to find REAL customer service for my problem! Travelocity charged my credit card without giving me a confirmation number and telling me my request was no longer available. I have now been charged for something I didn't receive and can't get anybody to help me. We are talking over $150! Beware of Travelocity!
Posted by (1 comment )
Reply Link Flag
Been looking for Travelocity Customer Service contact for months!
I, too, have had HORRIBLE customer service from Travelocity and still have not found the correct person to contact after looking for over 6 months! You can view my <a class="jive-link-external" href="http://www.centsible.net/complaint.shtml" target="_newWindow">horrible experience with Travelocity</a> online in a "sample" complaint letter that I've posted for tips on how to write a valid complaint letter. I think it is very poor form of Travelocity to ignore even polite complaints. I've gone so far as to contact their PR firm regarding this. They (Vollmer PR) also have not responded to me.
Posted by lschofield (1 comment )
Link Flag
Travelocity Major Customer Service Blunder
Travelocity must be investing all of their resources into advertising gnomes. Normaly I'm a patient consumer but when a website dies in the midst of processing my credit card information there had best be a human being to talk to. Unfortunately I cannot find a phone number anywhere on the site, and it seems that tonight (Jan 6th) many of the links are broken on the site. This large of an error should have been noticed and warning presented on the front page. I recommend consumers take their business elsewhere.
Posted by (1 comment )
Reply Link Flag
Posted by FRANK43 (1 comment )
Reply Link Flag
If you want to throw your money away you will be guaranteed to get this done by using Travelocy. You will not only loose your money very quickly but you will get bad service in return, in addition to that you can be assured to feel frustrated and ripped-off. Please read my words and save yourself lots of trouble.
Posted by sarelr (1 comment )
Link Flag
Jumping Fares
Why, when I try to book a fare with Travelocity it gives me a fare which may be acceptable but as soon as I go to book it, the fare jumps. The jump in the fare is always UP never DOWN. Is this a Travelocity trick to get you to continue? This practice is not ethical and should stop immediately.
Posted by I. Thring (1 comment )
Reply Link Flag
Horrible Travelocity customer service
I searched in Google for "Travelocity customer service" and got bunch of stories with experience similar to mine. I don't know if I should be relived or disappointed that the website still exists after so many negative reaction from customers. This is what happened to me:
I tried to make a change to an existing reservation over the phone and got to speak to 5 different people repeating over and over my request, people that not only hardly speak and understand English, but have reasoning abilities of a 5 year old. I was held on the phone for 3 hours and 45 minutes and was given more than 10 different rates for the exchange of the date of departure. In the end, the rate came up to $480.00 exchange fee for a ticket that I initially paid $780.00. I decided to just cancel the ticket for a $200.00 penalty and went and purchased new ticket from the airline website for $750.00. I was suppose to receive $580 back, however, the promised $580.00 showed up on my credit card 6 weeks later as $520.00. The Travelocity customer service reps are rude and dishonest, and hopefully Travelocity will decide to move its customer service out of India or there will be more and more dissatisfied customers. I know that I and all the people that I have talked to will not use Travelocity any more.
Posted by iand74 (1 comment )
Reply Link Flag
Travelocity is the worst !!
I tried to buy tickets from travelocity so that my mom and I can stay with my brother who's best friend passed away recently. WHAT A NIGHTMARE! First I waisted 45 minutes trying to make reservations on the web site. A note finally popped up that that the web site having technical problems ( Uh, no kidding...) I naively called the costumer service number. The service representative's English was so bad that it took 20 minutes to communicate that I wanted to by tickets but I didn't want to pay the extra $50 dollars your rep wanted me to pay because I couldn't make the reservations on line. Then it was another 20 min for him to admit it was indeed not me, but a problem with your site. He made me reservations but said I had to talk to a technician who's name was Christine Fernando to get my money back( it took me a long time get her to tell me her name but would not tell me the name of her manager) . Christine's accent and English skills were also difficult to understand but eventually I understood that she thought that because I used the back arrow while filling out your form, the web site wouldn't make the tickets. She instructed me to wait 24 hours and try again. I told her that I was viewing my Bank account and that currently it was showing that Travelocity had already charged me for 3 sets of tickets. She said that There were only some tickets on reserve and that they were not paid for. She said to wait 24 hours and try agian. We debated for a long time and I got put on hold many times during this annoying exchange. Finally she said that no, the 3 sets of tickets charges wouldn't be charged to my account. OK, I said but I still actually need to buy 1 set tickets so that I could go help my brother in the next 2 days. She took all my info put me on hold several times and then after ALL THAT TIME TOLD ME THAT THE FAIR HAD EXPIRED!! GAH!

As I am writing this there is no 4!!! sets of tickets plus a number of fees charged to my debit card totaling over $1,300!! you can bet I will stop these charges through my bank. I finally realized that travelocity is an insane waste of time and got my tickets for the same amount of money in about 10 minutes from Orbitz.
Anyway, I don't expect any remedy on this situation from them because as I said you have to worst costumer service ever.
It is fraud however, so the next call I make will be to the police ( After the bank that is )
Posted by Sheila Bailey (1 comment )
Reply Link Flag
I have been trying to get my hotel changed for Super Bowl weekend for over a week. We were supposed to stay at the Monte Carlo, but because of the fire they are going to be closed. Have talked to three people, all with accents so strong I cannot understand them. The put me on hold forever and nothing ever gets resolved. Worst travel site around. Will never use them again!
Posted by mellywi (1 comment )
Reply Link Flag
Thanks for this nice explane!

Posted by canbilteknoloji (7 comments )
Reply Link Flag
I get email from Travel Services, Tampa Florida! They have promised free gruising on Bahama islands. They have also promised me a cheque value of euros 1625,00 and visa card!
Could You please inform me what is the situation on this affair? The Transaction number of my journey is as follows: 31208097 and the Transaction number of my cheque is as follows: 20183348133. Please inform me as soon as possible!

Kindly Regards!

Antti Johannes Vaalama

email: ajvaalama@gmail.com
GSM: +358-0466552279
Posted by suomussalmi (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.