World Travel Holdings

The California Office of the Attorney General disclosed a data breach affecting World Travel Holdings in December 2012. The incident stemmed from unauthorized access to the company’s booking system, leading to the exposure of credit card numbers and expiration dates belonging to an unspecified number of customers. While the exact scale of the breach remains undisclosed, the compromised data primarily financial in nature poses risks such as fraudulent transactions, identity theft, or phishing attempts targeting affected individuals. The breach highlights vulnerabilities in the company’s payment processing infrastructure, raising concerns over compliance with data protection regulations (e.g., PCI DSS) and the adequacy of cybersecurity measures in place at the time. Although no evidence suggests broader personal data (e.g., names, addresses) was stolen, the exposure of payment card details alone can inflict reputational damage and erode customer trust. The incident underscores the need for robust access controls, encryption, and continuous monitoring to prevent similar exploits in travel-related industries, where sensitive financial data is routinely handled.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-37286

TPRM report: https://www.rankiteo.com/company/world-travel-holdings

"id": "wor008091825",
"linkid": "world-travel-holdings",
"type": "Breach",
"date": "11/2012",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Travel',
                        'location': 'California, USA',
                        'name': 'World Travel Holdings',
                        'type': 'Company'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Payment card data']},
 'date_publicly_disclosed': '2012-12-17',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving World Travel Holdings on December 17, 2012. '
                'The breach occurred when unauthorized access was gained to '
                'the booking system, exposing credit card numbers and '
                'expiration dates for an unspecified number of individuals.',
 'impact': {'data_compromised': ['Credit card numbers', 'Expiration dates'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': ['Booking system']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['California Data Breach '
                                                    'Notification Law'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'World Travel Holdings Data Breach (2012)',
 'type': 'Data Breach'}

World Travel Holdings

Salesforce and Infinite Campus: Infinite Campus warns of breach after ShinyHunters claims data theft

Liberty: Insurer Liberty hit by data breach

Pingora Loan Servicing LLC, Bayview Asset Management LLC and Lakeview Loan Servicing LLC: Lakeview Loan Servicing $26M Data Breach Settlement