Travix has confirmed a major security breach at its Cheaptickets brand in Holland mid-October, with thousands of passenger details obtained by a prolific hacker.
The company says a test environment at Cheaptickets (no relation to the US Cheaptickets consumer brand) was hacked over the weekend of the 22 and 23 October 2011, with "customer information stored from a period of nine months in 2008 and 2009" viewed during the breach.
Travix has not disclosed how many passenger records were involved, but Dutch tech site Webwerald claims a figure in the region of 715,000. Travix has not confirmed or denied this number as yet.
The company claims the information has not been made public and no financial information such as bank account or credit card numbers were stored on the test server.
Security on the Cheaptickets website and live environment was not compromised, an official says, adding:
"The security of the test environment has been enforced and all consumer information has been removed immediately."
Travix has also not confirmed whether passenger passport details were also obtained.
Sources claim the breach came about after the hacker managed to get into the system during a security update, but as soon as the story hit a number of tech sites in Holland the breach was contained.
A number of records with passport information were obtained, but this figure is said to be "very small".
It also turns out that as soon as the breach became public the site was the subject of a sustained number of other attempts, mostly other hackers "looking for their 15 minutes of fame". It is understood none of these were successful.
Cheaptickets became part of the BCD Holdings-fronted Travix mega-brand earlier this year, joining the likes of Vayama and BudgetAir to form a consortium of leisure travel companies.
Hotel site EasyToBook became part of the group when it was acquired by Travix in August this year.