Travel Site Confirms Database Breach
Names, addresses, phone numbers and e-mail addresses of those who participated in two recent Travelocity promotions were compromised, according to reports.
The security breach, which lasted about one month, was closed on Monday. Ironically, the problem began after the company transferred several servers from San Francisco to Tulsa, OK, for security reasons.
The database of names was left on a computer that was being used as a Web server. The situation made names and addresses of entrants available through a link on the Travelocity site. The company said in a statement that no financial information was exposed.
"Upon being made aware of this situation, we immediately removed the data from our site," the statement said. "At no time were any member profiles, credit card information or customer data exposed."
Travelocity's customer profile information goes into a secure database and is encrypted in that database, the company said.
Travelocity began an investigation into the matter and said it would contact each contestant whose information may have been compromised.