Online travel firm Travelocity.com has confirmed an encrypted file containing the names and contact details of customers who had entered competitions run by the company was inadvertently posted on its live website.
The problem was brought to Travelocity's attention on Monday and the company is now sending apologies to the customers whose information was exposed. 440,000 names were revealed.
A spokesman for Travelocity.co.uk assured UK customers that they had nothing to fear from the mistake. He said: “No UK names were involved. The details were those of respondents to competitions open only to North Americans.”
However, he confirmed that information submitted to Travelocity.co.uk did link back to US servers, where it is stored. Travelocity is currently conducting an investigation into how the information was exposed. The spokesman said that this would include “another close look at security.”
Jim Marsicano, executive vice president of sales and service at Travelocity, said the problem originated last month when a server was moved from San Francisco to the company's main data center in Tulsa, Okla. The machine "had been allocated for in-house work and file storage [but] was inadvertently put into a production environment", he said. He said the glitch was "horribly embarrassing and not the way we should be running our business."
It also came at an inopportune time, just days after Travelocity announced that its projected timetable for becoming profitable.