Today, Orbitz announced that it has discovered evidence of a data breach they experienced (via Gizmodo). Between October and December of last year, infiltrators may have accessed consumer data submitted to a legacy website between January 1, 2016 and June 22, 2016.
Orbitz partner platform data submitted between January 1, 2016 and December 22, 2017 may have also experienced breach. They company discovered the signs of a possible breach on March 1st and has estimated that approximately 880,000 credit cards may have been impacted by the breach.
It doesn’t appear that social security numbers, travel itinerary and password information appeared to have been accessed, what may have been accessed are: names, payment card information, phone numbers, dates of birth, email addresses, physical and billing addresses and gender. Orbitz, however, has said that they don’t have direct evidence that any of this information was actually stolen upon breach.
“Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us,” Orbitz said in a statement. “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.” The company added that it’s notifying those customers that might have been affected by the breach, and will offer a year of complimentary credit monitoring and identity protection services. Additionally, it will offer assistance to partners in notifying their customers.
Expedia, which owns Orbitz, said that it’s current website has not been affected by the breach. “We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform,” Orbitz said. “As part of our investigation and remediation work, we brought in a leading third party forensic investigation firm and other cybersecurity experts, began working with law enforcement and took swift action to eliminate and prevent unauthorized access to the platform.”