Cyber Incident Victim: YapStone

Date: Jul 2014

Location: United States of America

Summary

A cybersecurity incident involving YapStone's VacationRentPayments service exposed personal information from account applications, including email and postal addresses, partial Social Security numbers, driver’s license details, dates of birth, and bank account data; traveler payment information remained unaffected. Unauthorized access occurred over an extended period before being detected and blocked, prompting the company to engage third-party forensic experts, strengthen password protocols, and enhance system monitoring. While no evidence of misuse was found, impacted individuals received two years of credit monitoring services, and regulators in multiple states were notified, though the total number of affected parties was not disclosed.

Description

On July 15, 2014, unauthorized individuals gained access to sensitive customer application information held by YapStone, operating as VacationRentPayments, a vacation rental payment service provider. The breach persisted undetected for over a year until discovery on August 5, 2015, when the company immediately blocked access to the compromised URL and initiated an internal investigation. Exposed data included property managers' and users' email addresses, postal addresses, partial Social Security numbers (primarily the last four digits), driver's license numbers, dates of birth, and bank account information. The company confirmed no traveler payment details or credit card information were accessed during the intrusion. Forensic analysis determined the unauthorized access window spanned from July 15, 2014 through August 5, 2015, though investigators found no evidence of actual misuse of the stolen data at the time of discovery.

YapStone's Walnut Creek-based leadership team, led by CEO Thomas J. Villante, formally notified affected customers via mailed letters dated September 11, 2015, approximately five weeks after breach detection. The organization engaged an unspecified third-party forensics firm to augment its investigation while implementing enhanced security measures including strengthened internal password policies and increased system monitoring for affected accounts. As a remedial measure, the company offered impacted individuals two years of complimentary credit monitoring through Experian's ProtectMyID service. Regulatory filings confirmed breach notifications were submitted to authorities in California and Vermont, though YapStone declined to publicly disclose the total number of affected individuals. The incident exclusively compromised account application data rather than transactional payment systems used for processing rental payments.
