Are you traveling in the next 2 years?

In the last 12 months?

 

Mondee and EBG have not notified the millions of people, including you, your friends, co-workers, family, affected by the breach.

 

Was your House Robbed? Kids ID Theft, kidnapped? Travelling companions, your family hassled, or worse?  We hope it was not from a yet unreported / unacknowledged event like Mondee's -   https://mondee-data-breach.com/The-story-in-pictures/ to explain what happened, and what can be done to help protect your family and others!

 

1. Unsecured databases, from AI or just sloppiness, left accessible online are a huge risk!

 

If any Travel companies failed to tell you about data insecurity or a full breach that affects you, your family, your kids, your house, then the issues remain active for You and your kids sometimes way into the future, now from event 10 years prior data interactions...

 

Here is one example as of yet unreported back to those affected : How many?

Might be as many as 250,000,000 people or more, including "interactons."

 

Today's example: Who? Entertainment Benefits Group/EBGsolutions and MONDEE (Mond)

...Never heard of them? The website and the company controlling have different names. 

Let's pull back the covers, and make the connection:

If you bought travel from any of their subbrands, or you used a travel agent, or 3rd party site that used their services all that data was exposed List of Affected Companies, purchaed by Mondee in the past a18f3a20b5cc005575b71809b941865f: 

 

Fears for Your safety:

If bad guys know when you will be home and gone what will they do? Exposed:

Names , Birthdates , Gender ,Home Addresses , Billing , Companions and Kids , Flight Information (including itineraries) , Passport Numbers, Passenger Name Records (PNRs), Booking Details Unencrypted Credit Card Numbers and Expiry Dates

 

iF YOU BOOK TRAVEL THROUGH THE FOLLOWING BRANDS, YOU WERE AND ARE AFFECTED -

 

Any Indepedant Travel Agent

FLIGHTS.TICKETSATWORK.COM

FLIGHTS.MEMBERDEALS.COM

  AAA.com, USAAPerks.com, American Bar Association, and thousands of others

FLIGHTS.WORKINGADVANTAGE.COM

FLIGHTS.BENEPLACE.COM

FLIGHTS.PLUMBENEFITS.COM

SMARTFARES.COMTRIPPLANET.COM

 

Trippro, Rockettravel, and so many others - example, Mondee Acquires Skypass, a leading Travel Marketplace, bringing AI to SMEs ...

 

Travel through a Workplace advertised Travel offering - 30,000 possible locations -

& Other EBG / MONDEE BRANDED OFFERINGS AND APPS.

and dozens and dozens many many more via affiliate relationships, "whitelabling..."

Govx.org, Lifecart/Lifecare, Care.com, and many others.

 

Months after Mondee was informed of the issue, and after stonewalling to Techcrunch and others, who bravely broke the story, and others found Website and associated database was STILL wide open - it wasn't a lapse, there had not been any security on it, and it was being used for Development and Production at the same time!  Any review by a Security Researcher, will confirm the ongoing issues, making the site insecure and non-compliant. 

 

Did EBGsolutions.com / Entertainment Benefits Group and Mondee know this from the beginning?  Do they care about their customers? Most kindly, let's imagine the best, they had no clue, then...

 

Why NOT notify affected customers? As required by Law, and common courtesy?

 

But if that clueless, why would they later make statements that there were no risks, no issues, and other fraudulent statements to the media, and in press releases?

 

Why did they get rid of the marketing department, get sued by their own CFO, not pay taxes in India.

 

In surveying similar events, lots of examples of negative impacts, when these now obvious issues are not shared, losing trust not because of failure to have any security, even greater is the loss of trust in the leadership.  The travel market is dynamic, and people and companies will move to things they feel they can trust. We wish it had gone differently when the issues were discovered.   

Since they haven't informed you - please:

https://mondee-data-breach.com/The-story-in-pictures/

What should you do?

1. USA: Contact your Privacy officals - Attorney Generals, State or National.  International Travellers, including Brazil, your countries have Privacy Laws have been violated.

File a Complaint - Consumer Protection (consumerresources.org) 

www.consumerresources.org/file-a-complaint/

2. use Fraud.org, and

3. If travel is in the future, demand a refund, the US just passed a law requiring the company selling, refund your money.  Likewise, we are seeing a Law vs. Data Brokers who expose data of children, the Military, etc. to bad actors.

4. Please let others know, travel agents, others who might have booked your travel, including your employer, or other source of linkoff - if this was offered via your workplace, through a membership, or business connection, influencer, etc. about your concerns. 

5. Demand justice, that EBG/Mondee correct the situation, and make you whole if your life was impacted by the severity of this data breach, and their failure to notify you.  Encourage them to fix the process, AI, database, websites, all of it, rather than acting with such distain & negligence. 

6. Additional suggestions are likely available online from trustworthy sources, such as additional legal methods, as well as Consumer Protection groups at the national level - we will update the site as we have more detailed recommendations - see the footer below for places to start.

-------------------------------------------

At the time of this update, Impacts:

 

Mondee has continued to engage in unsafe/fraudent practices & statements to the public, customers, and the investing public, with the knowledge & support of EBG - EBGsolutions.com (Entertainment Benefits Group. C-Suite Leadership...) The site is poorly secured, non-compliant, and by failing to warn people, they are shredding any trust in an area where buying from someone else is an easy click.  The only thing people come back for, fool me once, shame on you, fool me twice, and some people will say you may have a working business model.  The FBI and a dozen groups provide free support to secure your stuff... why didn't this publically traded company use those free resources?  

 

For every traveler any where, not just with Mondee and eBG, price and process transparency, not being turned into #AI #AIfood, and treated like data, is going to matter to people.  Why hide who you are, where you do business, and hide phone numbers? Will the company stand behind the stuff - we know of a number of high end travel companies - who do GREAT, they tell what they sell, how, and why, and the clients are kept private.  

 

Wake up that if everyone is using same tech, prices will tend to follow each other if that was the only consideration - fewer people will buy Flights from anyone except the airline after this kind of behavior... and even before it, vouchers turn people off, our lives change too much- can you provide amazing pre and post sales service, so even if they have to cancel, they will talk about how great your company is to others? 

 

How did the breach happen?

Mondee (MOND) a publically traded US company...

The entire website and the database was left unsecured on the cloud without effective controls, such that it was easy for anyone access entier 1.7 of Customer Data... At the time we are writing, the site is still insecure/non-compliant, and Mondee and EBG continue the coverup to this day.  Why? No staff hired, or contracted to do the job.  No one skilled in the most basic security features, and without knowledge or will to do the most basic secure design requirements -

Fear? Not having enough money to hire anyone to secure it, head in the sand thinking? Shame? Coming out of Covid thinking and ignoring the Data Privacy laws that now cover most of the world, and more of the US all the time...

 

Reality: Data Security Breaches | Office of the Vermont Attorney General shows it happens all the time, why not own it, fix it, and move on?

 

What has Mondee done about it?

Nothing. They did not notify affected users from the last 10 years,

or the next 2+ into the future, nor those who arrived via Partnerships with ABG, or Entertainment Benefits Group, or Travel Agents, nor Brazilians, ... you get the picture.  

 

Be patient with them, the ones who were also not told, your employers, your Travel Agent, past clients of companies Mondee bought... as an example, of unknowing victims are those who offer a free benefit - such as a great group, the Allied Business Network (ABN) /Arthur J. Gallagher & Co. (NYSE: AJG) (“Gallagher”), or so many others who haven't been told.  We are all saddened you had to learn it this way.

https://www.businesswire.com/news/home/20211220005227/en/Mondee-the-Technology-First-Fast-Growing-Travel-Market-Disruptor-To-Go-Public-Through-Business-Combination-with-ITHAX-Acquisition-Corporation

 

That was 3 years ago... 5% of the flyers... and they put it all into an online database without a password for MONTHS!

Today, still insecure/non-compliant they have a huge % of airline travelers, rental cars, and cruises, our elderly affected as they use Travel Agents, and still no notice...

 

File a Complaint - Consumer Protection (consumerresources.org)

https://www.consumerresources.org/file-a-complaint/

 

Any breach : reportfraud.ftc.gov/ . fraud.org . iapp.org/resources/article/us-state-privacy-legislation-tracker/ . www.sec.gov/tcr