Cyber Incident Victim: Klook Travel
Date: Jun 2018
Location: Hong Kong
Summary
Klook Travel experienced a data breach when attackers exploited malicious JavaScript code linked to a third-party analytics tool integrated into its website, compromising personal and credit card information for approximately 8% of its customers. The incident exclusively affected users who conducted transactions via the company’s website over a six-month period, while mobile app users remained unaffected. Following containment, the malicious code was removed, and a cybersecurity firm was engaged to investigate the breach, with impacted customers notified and advised to monitor their accounts.
Description
Klook Travel disclosed a data breach on June 29, 2018, notifying customers that unauthorized access to their information occurred via a compromised third-party analytics tool. Attackers exploited malicious JavaScript code associated with SOCIAPlus, a web-based analytics service integrated into Klook’s website. The company confirmed the breach originated from this infected code after receiving verification from the third-party provider. The intrusion impacted transactions processed through Klook’s website between December 11, 2017, and June 13, 2018, during which attackers potentially accessed personal data and credit card details. Klook estimated approximately 8% of its total customer base was affected but clarified that users of its mobile application remained unaffected. The breach window spanned over six months before detection, with Klook containing the incident shortly after discovery by removing the malicious script.

Klook engaged cybersecurity firm Kroll to investigate the breach and initiated direct notifications to impacted users. The compromised data included names, transaction records, and payment card information submitted during bookings. While the company asserted no further unauthorized activity occurred post-containment, it advised customers to monitor financial accounts for suspicious transactions and reset their Klook account passwords as a precaution. Internal investigations confirmed the breach was isolated to the website’s third-party JavaScript integration, with no evidence of broader system compromise. Klook did not disclose the exact number of affected individuals or specific forensic findings but emphasized remediation efforts focused on securing the website environment and terminating the third-party tool’s access.
