The hacker also had access to users’ full names, birthdates, phone numbers, email addresses, physical and/or billing addresses, and genders.
Travel booking service Orbitz has suffered a data breach.
The company today revealed that an attacker broke into a “legacy Orbitz travel booking platform” and stole around 880,000 payment card details. The hacker also had access to users’ full names, birthdates, phone numbers, email addresses, physical and/or billing addresses, and genders.
Orbitz said it discovered evidence of the intrusion on March 1 while investigating the consumer and business partner platform in question. They determined that the attacker had access to it between Oct. 1 and Dec. 22, 2017, and may have stolen information stored on the system that was submitted by Orbitz customers between Jan. 1, 2016 and June 22, 2016, as well as information submitted by “certain partners’ customers” between Jan. 1, 2016 and Dec. 22, 2017.
“The current Orbitz.com website was not in any way involved in this incident,” Orbitz wrote.
After discovering the intrusion, the company brought in a third-party forensic firm and other cybersecurity experts, as well as law enforcement, to further investigate the incident. Orbitz said it “took swift action to eliminate and prevent unauthorized access to the platform.”
As is standard procedure after a company is breached, Orbitz is offering affected individuals one year of complimentary credit monitoring and identity protection services. The company is also advising victims to “carefully review and monitor their payment card account statements and contact their financial institution or call the number on the back of their card if they suspect that their payment card may have been misused.”
Customers with questions can call Orbitz at 1-855-828-3959 (or 1-512-201-2214 if you live outside of the US) or visit this site for more information.
“Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us,” Orbitz wrote. “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”