Cyber Incident Victim: Roberts Hawaii
Date:
Jul 2015
Location:
United States of America
Summary
A tour company experienced a data breach compromising customers' personal and payment information, including names, addresses, contact details, and full credit card data. The incident occurred over an extended period affecting online purchases, with attackers deploying malicious code on the company's web server to intercept checkout transactions. The breach was detected following multiple customer reports of fraudulent charges shortly after website purchases. The organization halted the intrusion by removing server malware, replacing compromised payment systems with third-party booking software, and implementing enhanced security measures. It established dedicated customer support channels to address inquiries while emphasizing efforts to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Roberts Hawaii, a tour company offering transportation services including school bus operations, airport shuttles, and vacation packages, experienced a data breach impacting customers who made purchases between July 30, 2015, and December 14, 2016. The breach was discovered after multiple customers reported unauthorized charges on their payment cards shortly after completing transactions on the company’s website. Investigators determined cybercriminals compromised the company’s web server by installing malicious code designed to copy customer information during the online checkout process. The stolen data included names, addresses, email addresses, phone numbers, payment card numbers, card expiration dates, and security codes. Roberts Hawaii did not publicly disclose the total number of affected individuals but confirmed the breach window spanned approximately 17 months.
Upon confirming the breach, Roberts Hawaii engaged an external cybersecurity firm to investigate the incident and assess system vulnerabilities. The company removed the malicious code from its servers and permanently shut down the compromised payment collection pages. All payment processing functions were migrated to third-party online booking software to isolate transaction activities from the company’s primary network. Roberts Hawaii established a dedicated call center and informational webpage to address customer inquiries and provided guidance on monitoring financial statements for fraudulent activity. The company stated it implemented additional security measures to prevent future incidents but did not specify technical details. Director of Safety and Security Wayne Fernandez publicly apologized for the incident, emphasizing the company’s commitment to restoring customer trust. No ransomware involvement or explicit attacker motives were identified in the available reports, and regulatory fines or lawsuits were not mentioned. The breach exposed payment card data at the point of sale, with fraudulent charges serving as the primary indicator of compromise.