Roberts Hawaii tour company hacked, credit card and personal info exposed

The tour company Roberts Hawaii is warning its customers about a security breach that may affect people who purchased tours and other services on its website.

Did you visit the Hawaii in last year? The tour company Roberts Hawaii is warning its customers about a data breach that may affect people who purchased tours from July 2015 to December 2016. It is a very long period, but there is no information about the number of affected customers.

The Roberts Hawaii company offers tours along with school bus services, airport shuttles, and other transportation packages.

Compromised records include name, address, email address, phone number, payment card number, expiration date and card security code.

The tour company discovered the security breach after customers reported fraudulent charges on their credit cards.

“The tour company found out about the hack after getting reports of fraudulent charges on customers’ credit cards. The charges appeared shortly after the customers made purchases on Roberts Hawaii’s website.” reported the Hawaii News Now.

According to the investigators, the charges appeared shortly after the customers have purchased a tour on the website of the Roberts Hawaii.

“Roberts Hawaii received reports from several customers of fraudulent charges appearing on their payment cards shortly after they were used to make a purchase on its website.” reads the security advisory published by the company. “Roberts Hawaii immediately initiated an investigation and engaged a leading cyber security firm to examine their website network.”

The cyber criminals have compromised the web server of the company with a malicious code that copied customers’ data during the checkout procedure.

According to the Roberts Hawaii company, orders placed between July 30, 2015, and Dec. 14, 2016, may have been affected.

Roberts Hawaii confirmed to have stopped the security breach, it removed the malware installed on its server and shut down the affected payment collection pages.

“All payment collection pages on the compromised server were replaced entirely with third party online booking software and Roberts Hawaii is also taking steps to further strengthen the security of its website to help prevent a similar incident from happening in the future.”  continues the advisory published by the company. 

In order to mitigate the exposure of its customers, the company has established a dedicated call center ((877) 235-0796) and web page to answer customer questions.

“Our customers’ confidence and trust are important to us, and we sincerely apologize for any inconvenience or concern this may have caused. We are working swiftly to address this situation and help prevent a future recurrence,” said Wayne Fernandez, director of safety and security for Roberts Hawaii, in a news release.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – cybercrime, data breach)