Third-party hotel reservation service provider EZYield recently began notifying an undisclosed number of people that a cyber attack provided unauthorized access to their names and full credit card information, including the CVV code, credit card number, and expiration date (h/t idRADAR).
Forensic experts hired by EZYield confirmed the cyber attack on November 21, 2013, and all major credit card brands were informed of the breach on November 26, 2013.
As idRADAR notes, EZYield, which was acquired by TravelClick in November 2011, supports more than 650 travel Web sites, including those for Expedia and Best Western -- it's not clear from the announcement which of those Web sites are affected.
"EZYield takes this matter, and the security of your personal information, seriously and has implemented changes to its reservation services to prevent a similar exposure from occurring in the future," the company stated in the notification letter [PDF].https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
All those affected are being offered one free year of identity protection services from AllClear ID.