TripAdvisor is warning its customer base of a major security breach with the theft of a portion of its 20 million plus email list. The company is emphasizing that it does not collect credit card details or other such information, so users’ financial identity are safe. The bad news: members may receive unsolicited emails as a result.

TripAdvisor is hardly alone; hack attacks and resulting spam is prevalent on the Internet.  However if TripAdvisor did collect such information it is possible its users might be better off – although that is by no means certain given the sophistication of malware writers -  as regulations require such companies to step up their security protocol.

TripAdvisor, as it Tnooz reports, has been unusually lax with its security – thus becoming the scapegoat for the moment for marketers looking for someone to blame for customers too skittish to open email marketing messages.

A study from ExactTarget and CoTweet last year looked at consumers concerns regarding trust and privacy of promotional emails. It found, among other trends, that consumers tend to give the benefit of the doubt to big brands, and assume their email addresses will be safe, secure, and unshared.

When that trust is proven to be misplaced, brands in all categories suffer from consumers’ resulting loss of faith.

Tnooz’s reporting leaves one to wonder whether TripAdvisor’s breach could have been prevented. It pointed to comments technical manager Sanjay Vakil made in the Y Combinator forums seven months ago that TripAdvisor developers have “root access on EVERY box”, a reference to the fact that technical staff had access to all files, including the ability to add them from a server.