Orbitz announced today that it has discovered evidence of a data breach, making it just another of the many companies recently afflicted. Between October and December of last year, hackers may have accessed consumer data submitted to a legacy website between January 1, 2016 and June 22, 2016. Additionally, Orbitz partner platform data submitted between January 1, 2016 and December 22, 2017 may also have been breached. The company discovered signs of the breach on March 1st and estimates that approximately 880,000 credit cards may have been impacted.
While social security numbers, passport and travel itinerary information don't appear to have been accessed, names, payment card information, dates of birth, phone numbers, email addresses, physical and billing addresses and gender may have been. However, Orbitz said that it doesn't have direct evidence that any of this information was actually stolen. Besides information brokers like Equifax, travel-related services have been juicy targets for hackers with tons of stored IDs -- hotel chains like Hyatt, Hilton and Intercontinental have all been hit.
"Ensuring the safety and security of the personal data of our customers and our partners' customers is very important to us," Orbitz said in a statement. "We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners." The company said that it is notifying those that might have been impacted by the breach and is offering a year of complimentary credit monitoring and identity protection services via this website.
Orbitz, which is owned by Expedia, said that its current website was not affected by the breach. "We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform," Orbitz said. "As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement and took swift action to eliminate and prevent unauthorized access to the platform."