The Travel Corporation Data Breach Lawsuit

The Travel Corporation failed to prevent a February 2018 phishing scam that resulted in the breach of thousands of employees’ data.

The Travel Corporation Data Breach Lawsuit

In February 2018, The Travel Corporation failed to prevent a phishing scam that resulted in the breach of thousands of employees’ private data. Every U.S. employee of TTC was affected by the breach, which could lead to identity theft, credit card fraud, and other damages.

What is The Travel Corporation?

The Travel Corporation (aka “TTC” or “TravCorp”) is a global travel and leisure group made up of hotels, cruise ships, and tour operations. TTC operates in more than 60 countries around the world, including the U.S., UK, Canada, Germany, France, Italy, and China.

The company says it serves 1.5 million customers a year. Its brands include Trafalgar, Insight Vacations, and Cost Saver. TTC is headquartered in Toronto and has a staff of 10,000 employees. Its Founder and Chairman is Stanley S. Tollman.

How did the Travel Corp. data breach happen?

On February 26, 2018, TTC’s Director of Human Resources fell prey to a phishing scam. The HR Director received an email from someone claiming to be the company’s Global Chief Executive Officer. This person asked for payroll information and all copies of TTC employees’ 2017 W2 tax forms.

The HR Director unfortunately complied, sending over the names, addresses, social security numbers, and W2s for all current American employees of TTC, as well as some former American employees.

TTC later realized that the recipient of this information was not actually the Global CEO but was in fact an unauthorized hacker. The company then reported this incident to the Federal Bureau of Investigation (FBI) and to the three major credit reporting bureaus (Equifax, Experian, and TransUnion).

Who was impacted by the Travel Corp. data breach?

All current U.S. employees of The Travel Corporation, and some former employees, had their data breached in the February 2018 phishing scam. The stolen data included:

  • Names
  • Addresses
  • Social Security Numbers
  • 2017 W2 forms

W2 forms include salary information, among other sensitive data.

What is the potential fallout from this breach?

Because the hacker was able to acquire the names, addresses, social security numbers, and W2s of so many employees, identity theft is a real threat. The hacker or hackers could sell this information to the highest bidder on the dark web—or use it themselves to open credit card accounts and/or file false tax returns in the victims’ names.

A fraudulent credit account can cause a person’s credit score to crater, costing them jobs, loans, and even housing. Credit report errors are extremely common, occurring in 20 percent of credit card holders. They are also notoriously hard to correct.

As advocated by TTC, employees impacted by this breach should immediately set up fraud alerts with a major crediting bureau. By doing so, creditors will contact the consumer for verification before opening a new credit account.

American TTC employees should also monitor all bank and credit accounts for suspicious or fraudulent activity.

Did you find what you need?