Orbitz says hacker stole two years' worth of customer data

The travel booking site said about 880,000 payment cards were affected.
Written by Zack Whittaker, Contributor

(Image: file photo)

Travel booking website Orbitz has been hacked, the company said.

The site, now owned by Expedia, confirmed in a statement that it "identified and remediated a data security incident affecting a legacy travel booking platform."

According to the statement, the company found evidence in March that an attacker had access to the company's legacy systems between October and December last year. It was during that time the hacker accessed customer data from the previous two years -- between January 2016 and December 2017 -- which included names, dates of birth, postal and email addresses, gender, and payment card information.

On the company's consumer platform, the attacker may have accessed personal customer data between January and mid-June 2016.

Orbitz said that about 880,000 payment cards are affected by the hack

But the company said that it has no direct evidence that this personal information was downloaded from the platform.

"We are working quickly to notify impacted customers and partners," said the statement. "We are offering affected individuals one year of complimentary credit monitoring and identity protection service in countries where available."

The current Orbitz.com website was unaffected by the breach, said the company.

Editorial standards