Orbitz, the travel booking platform, said this week that its platform was likely hacked during certain times in 2016 and 2017, potentially affecting 880,0000 customers who made bookings on the site during that period.
“We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners”, Orbitz said in a statement.
The period of exposure runs from January 1st, 2016 through June 22nd, 2016; and October 1st, 2017, to December 22nd, 2017. Data potentially exposed includes full name, address, date of birth, gender, and credit card details, the company said. The company insisted that social security numbers, password details, and travel itineraries were not swiped.
Expedia’s Orbitz uncovered the hack during an investigation of a legacy platform. The platform that was breached is no longer in use. Orbitz said that once it had discovered evidence of a potential intrusion, it brought on board a third-party forensics team to conduct an investigation.
“We determined on March 1, 2018, that there was evidence suggesting that an attacker may have accessed personal information stored on this consumer and business partner platform” the company said. “We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform. To date, we do not have direct evidence that this personal information was actually taken from the platform”.
The Chicago-based company is offering one free year of credit monitoring and identity protection services to consumers who booked on the platform during the period of exposure. The investigation into the incident is ongoing.
In a separate statement, American Express said its customers were also potentially affected since “The attack involved an Orbitz platform which serves as the underlying booking engine for many online travel websites, including Amextravel.com and travel booked through Amex travel representatives”.
American Express assured customers that this attack did not compromise American Express Global Business Travel or the American Express platforms that AmEx users employ to monitor their accounts. The company also said they would be reaching out directly to its impacted customers to offer additional support and information, including two years of free credit card monitoring and identity protection services.
Privacy experts said that while this data breach is far smaller in size than other recent breaches, such as that of Equifax last year, consumers should nevertheless take the Orbitz attack seriously.