YapStone (VacationRentPayments) is notifying some property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons.
In a letter dated September 11, YapStone CEO Thomas J. Villante writes that email and postal address, Social Security number, driver’s license number, date of birth, and bank account information were accessible to unauthorized persons from July 15, 2014 through August 5, 2015. No traveler credit card or payment information was involved. For most of those affected, it was not full SSN but last 4 digits of SSN that were involved.
When the firm discovered the problem on August 5, they immediately blocked unauthorized access to the URL in question began investigating. They’ve also brought in a third-party forensics firm, strengthened their internal password rules, and increased monitoring of affected systems.
Although the Walnut Creek-based firm has no evidence that the information has been misused, they are offering those notified two years of credit monitoring services with Experian ProtectMyID.
The total number of individuals affected was not disclosed, but the breach has been reported to at least California and Vermont.