Rough day for Expedia and Travelocity

It was a rough day for the travel industry’s two biggest Web sites as reports of a security breach by ran rampant in the trade and consumer media, and
was temporarily taken down by internal server problems on the Microsoft network.
Travelocity’s problems began when San Francisco-based technology news service CNET alerted it to its breach late Monday. CNET reported that an e-commerce executive, who asked to remain anonymous, reported the security hole to CNET on Monday.
Names and addresses of entrants in several of Travelocity’s promotions between May and November of last year were inadvertently made accessible through a link on our site. Travelocity said the breach probably occurred while Travelocity was transferring servers from one location in San Francisco to a more secure location on Tulsa, Okla.
Jim Marsicano, Travelocity executive vice president of sales and service told,an IT industry media and research firm: “I`m embarrassed to say that a file which should have been routinely deleted was not. This was a very serious incident, and we`re extremely sorry that it happened.”
The breach exposed customer names addresses and e-mail addresses, and at no time were credit card information or customer data exposed, Travelocity said in statement yesterday.
An incident like this proves just how fragile and susceptible to human error Internet security can be, but Expedia’s Marketing Director Suzi Levine says she hopes consumers won’t look at this as a problem with the online travel industry as a whole.
“It`s deeply concerning [that] they’ve been paying lip service to privacy to this point,” she said. “It’s unfortunate that they were so lackadaisical with their customer information, but we’re glad to see that they’re taking a quick response.”
In September, Expedia revised its own privacy policy with clearer wording and more customer control. It also went through a successful audit by PricewaterhouseCoopers. “We practice what we preach,” Levine said.
Travelocity said that the incident will most likely result in strengthening the security of its own site. “We take the privacy of those who participate on our site, whether they are members, contest participants or visitors, very seriously,” Travelocity said. “This situation has reminded us that we cannot be too vigilant in the protection of our members` privacy.”
Meanwhile, Expedia was having problems of its own. Microsoft technicians had been struggling since early Wednesday morning to return service to the company`s main Web sites including,,,,, and
Levine said Microsoft experienced a glitch with its domain name server system. Also known as a DNS routing system, the database acts basically as a gatekeeper for the sites and translates the names of URLs to the actual number addresses of the servers where the Web pages are stored. Levine said such glitches don’t compromise the security of any affected sites.
Microsoft had the problem under control and most of Microsoft`s sites were up and running by Wednesday afternoon. Microsoft is still investigating and Levine said Expedia is still gauging the extent to which the site was affected.