A few more breaches that didn’t make the news
Thanks to those states who post notifications online….
- TravelCLICK, Inc. reported (pdf) that customers who used their web site to book hotel reservations may have had their data accessed by unauthorized others during the period February to March of this year. Reservation data included names, full credit card numbers, expiration date, but no CVV or CID, and in some cases, telephone numbers and email addresses. No details were provided other than their statement that the data were “inadvertently accessible.” They did not offer affected customers any free services.
- Starwood Hotels & Resorts Worldwide reported (pdf) that the Westin Grand Hotel in Washington D.C. inadvertently attached information on some customers, including their credit card numbers, in an email sent to other guests who had made reservations. They, too, did not offer those affected any free services.
- Experian reported (pdf) that a client, Newburyport Capital, had accessed consumer information without authorization. Experian was notifying those affected and had suspended Newburyport Capital’s access. Why Experian advised those affected to notify all three credit reporting agencies instead of offering to just take care of the Experian notification themselves is a bit of a puzzle to me.
- Liberty Mortgage, a subsidiary of BB&T Financial, reported (pdf) that it accidentally mailed credit reports to the wrong customers. The company offered those affected two years of free credit monitoring. While their letter is somewhat forthright about their error, it suggests that there was only one client affected, whereas the notification to the state suggests that there were a number of misdirected credit reports.