Orbitz says hacker stole two years' worth of customer data

The travel booking site said about 880,000 payment cards were affected.

(Image: file photo)

Travel booking website Orbitz has been hacked, the company said.

The site, now owned by Expedia, confirmed in a statement that it "identified and remediated a data security incident affecting a legacy travel booking platform."

According to the statement, the company found evidence in March that an attacker had access to the company's legacy systems between October and December last year. It was during that time the hacker accessed customer data from the previous two years -- between January 2016 and December 2017 -- which included names, dates of birth, postal and email addresses, gender, and payment card information.

On the company's consumer platform, the attacker may have accessed personal customer data between January and mid-June 2016.

Orbitz said that about 880,000 payment cards are affected by the hack

But the company said that it has no direct evidence that this personal information was downloaded from the platform.

"We are working quickly to notify impacted customers and partners," said the statement. "We are offering affected individuals one year of complimentary credit monitoring and identity protection service in countries where available."

The current Orbitz.com website was unaffected by the breach, said the company.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All