Hacked Travel Company Orbitz may Have Lost 800,000 Payment Credentials

The Expedia-owned travel company, Orbitz, just disclosed a possible data breach that may compromise over 800,000 customers’ payment information.

On Tuesday, Orbitz, a travel company acquired by Expedia, announced a possible breach that may have compromised sensitive customer information.

According to Orbitz, between October and December last year, an unknown individual or group infiltrated the company’s consumer and business partner platform where the information is stored.

“While conducting an investigation of a legacy Orbitz travel booking platform (the ‘platform’), Orbitz determined on March 1, 2018 that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed certain personal information, stored on this consumer and business partner platform, that was submitted for certain purchases made between January 1, 2016 and June 22, 2016 (for Orbitz platform customers) and between January 1, 2016 and December 22, 2017 (for certain partners’ customers),” the company explained.

“Orbitz immediately began investigating the incident and made every effort to remediate the issue, including taking swift action to eliminate and prevent unauthorized access to the platform.”

Travel Company Breach

The possible data breach involving Orbitz is considered just the latest in a string of problems that Expedia has had to face since acquiring the travel company in 2015 for $1.6 billion.

Back in 2016, Orbitz’ sales were affected by a downtime stemming from a system crash while Expedia was integrating Orbitz’ back-end system with its own.

This time, the compromised data involves over 800,000 consumers’ information from an older booking platform.

According to the company, client names, birth dates, payment card information, physical billing addresses, email addresses, gender, and contact numbers may have been accessed. However, there is still no direct evidence that any information was stolen from the website.

“Orbitz’ investigation to date has not found any evidence of unauthorized access to other types of personal information, including passport and travel itinerary information. Additionally, Orbitz can assure U.S. customers that Social Security numbers were not involved in this incident, as these are not collected nor held on the platform,” Orbitz said.

Recently, hackers have shown great interest not just in information brokers like Equifax, but with travel-related services as well. This includes hotels and travel companies. Hackers have reportedly targeted popular hotel chains like Hyatt, Hilton, and the Intercontinental.

Read More: Equifax Hacked and Everything you Need to Know About it

According to Orbitz, the incident is now under thorough investigation and they have already enhanced their security and monitoring of the affected platform. As part of their efforts to fix the issue, Orbitz reportedly brought in a third party forensic investigation firm and cybersecurity experts to work with law enforcement in effectively preventing any unauthorized access in the future.

The travel company also said that they have started notifying potentially affected customers and business partners. Orbitz is now offering affected customers one-year complimentary credit monitoring and identity protection service in countries where it is available.

Right now, potentially impacted customers are advised to remain vigilant, “reviewing and monitoring all of their account statements and credit history to guard against any unauthorized transactions or activity.”

How do you keep your payment information safe when conducting online transactions like travel booking?