The Viator data breach highlights the vulnerability of security for online payments, according to CipherCloud.
TripAdvisor, which owns the affected tour-booking and review website, disclosed the breach and how it potentially exposed the payment card data of 1.4 million customers.
Based on the released information, chief trust officer, Bob West, said the breach could have been prevented if Viator had used stronger encryption for user identities and credit card numbers.
"It's also possible that strong encryption was used but the keys weren't managed properly by Viator, which is as good as locking your car and leaving the keys in," he said.
Better way of reporting
West said the Viator data breach comes at a time when security discussions centre on point-of-sale (PoS) malware in physical stores.
"Online payments are another major source for identity thieves to steal consumer information," he said.
Free credit reporting is available for affected customers to deal with these types of incidents, though West characterises it nothing more than a "nice gesture."
"Cyber criminals could just wait out the year and then apply for credit using the stolen personal information with names and addresses pieced together with other identifiers obtained elsewhere," he said.
Sign up for CIO Asia eNewsletters.