Orbitz, a Chicago based travel website owned by Expedia revealed that it has suffered a security breach exposing payment card details of 880,000 customers.
The breach was discovered on March 1st, 2018 during an internal investigation by Orbitz. According to the company the breach took place between 1st October and December 22, 2017.
“While conducting an investigation of a legacy Orbitz travel booking platform (the “platform”), Orbitz determined on March 1, 2018 that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed certain personal information, stored on this consumer and business partner platform, that was submitted for certain purchases made between January 1, 2016 and June 22, 2016 (for Orbitz platform customers) and between January 1, 2016 and December 22, 2017 (for certain partners’ customers).” said in the statement published by the company.
The exposed data includes names, email addresses, phone numbers, gender, date of birth, zip code, physical address and payment card data.
The company has notified law and enforcement authorities about the incident and also hired security experts to investigate the issue.
The company also said that the current Orbitz.com website is not affected by the incident and assures that Social Security numbers of U.S. customers were not exposed in this incident.
Orbitz said that they have started to notify the impacted customers about the issue and the affected individuals will be provided one-year complimentary credit monitoring and identity protection service in countries where available.
“Affected customers should remain vigilant in regularly reviewing and monitoring all of their account statements and credit history to guard against any unauthorized transactions or activity. If customers discover any suspicious or unusual activity on their accounts, they should contact their financial institution or call the number on the back of their payment card.”
For more details regarding the incident, customers can contact the company by calling 1-855-828-3959 toll-free for U.S customers and 1-512-201-2214 for International customers. The customers can also visit https://orbitz.allclearid.com to know more about the breach.