Popular travel website Klook recently announced that it may have suffered a third-party data breach potentially affecting its customers' personal data and credit card information.
According to its statement published last June 29, Klook discovered malicious JavaScript code in one of the analytics tools used on its website. The compromised third-party tool, called SOCIAPlus, has since been disabled.
The scope of the incident is said to be limited to transactions made on the Klook website between December 11, 2017 and June 13, 2018. Customers who availed of its services through the Klook Android and iOS apps should not be affected.
Klook added that it has already initiated a forensic investigation to further check the extent of the breach and whether customers were indeed affected. Customers who might have been affected were also notified via email.
Coincidentally, we stumbled upon a post in one of the local travel groups on Facebook by an Overseas Filipino Worker (OFW) claiming that her credit cards, previously used for her recent travel to Hong Kong and Macau, were used to make purchases on iTunes. Based on her story, one of the unauthorized purchases amounted to 150,000 Yen. The travel package that she availed of apparently came from Klook. She also shared screenshots of an email from the travel company which seemed to be a data breach notification. Her transaction with the travel company happened last January, which also falls within the timeline of the data breach.
We have yet to see any updates from the National Privacy Commission (NPC) on whether this data breach incident has already reached its office, or whether any complaints have been filed by affected customers based in the Philippines. We'll try to reach out to the OFW who shared her Klook data breach experience on Facebook to check if she has communicated this issue to the NPC. Klook also operates in the Philippines and, as such, is covered by the Data Privacy Act of 2012.
The travel company said that it is opening communication lines to customers who would like to inquire about the latest data breach. Customers may email privacy@klook.com.
Should we get any new information from this security incident, we’ll keep this article updated.