Up to 880,000 credit cards and other personal data exposed in Orbitz data breach

Expedia-owned travel booking site Orbitz has reported that payment information of as many as 880,000 credit cards along with other personal information have “likely” been stolen from its website servers.

What happened and when

According to Orbitz, on March 1, 2018, they have uncovered evidence of two separate breaches of their website platform that occurred between October 1, 2017 and December 22, 2017. In the first breach, the hackers accessed data related to purchases made on between Jan. 1, 2016, and June 22, 2016. In the second breach, the attackers accessed data used by partner sites (including the American Express site that used Orbitz to book travel between Jan. 1, 2016, and Dec. 22, 2017.

Orbitz maintains that this exposure affected its “older” website, and does not impact the current website platform.

What data was affected

Orbitz reports that the following information was exposed in these breaches: payment account information, customer’s full name, date of birth, phone number, email address, physical or billing address and gender. At this time, Orbitz has no evidence that other types of personal information, including passport, social security number or travel itinerary information was exposed.

Next steps and safeguards

As has become the norm, Orbitz is advising customers who suspect they were affected to monitor their payment account activity and credit reports. Orbitz is also offering affected customers one year of complimentary credit monitoring and identity protection service. Visit for more information.

No comments

Comment on this article