Orbitz data breach exposes 880,000 customer credit cards

Travel company Orbitz has revealed a huge security breach that exposed about 880,000 customer credit cards. According to the company, the breach — which was discovered on March 1 — could have spanned from October 1, 2017, until December 22, 2017, during which time the hacker may have had access to certain data. The data itself was submitted between January 1, 2016, and June 22, 2016, on the Orbitz platform, as well as between January 1, 2016, through December 22, 2017, through select business partners.

Orbitz says it removed and has since prevented the unauthorized access to its platform, though customers were left exposed by the breach. Per the company's investigation, which is ongoing, the responsible party may have accessed personal data including credit card info, the customer's full name and birth date, email address, physical address, billing address, gender, and phone number.

However, travel information and passport data were likely not accessed, and the hacker didn't have access to Social Security numbers (since they're not collected). The current Orbitz.com website is not involved in this security breach, the company says. Experts and a third-party firm have since been brought in to help with the investigation.

The individual(s) behind the attack aren't stated and may not yet be known. Business partners and customers impacted by the breach are being notified by Orbitz, which is offering a year of identity protection services and credit monitoring to everyone swept up in the breach, though resources made available to international customers may be different.

As with any data breach of this nature, customers are advised to monitor their accounts and credit for any signs of suspicious activity; this could include unauthorized transactions. Anyone who does experience unauthorized activity will need to contact their bank, however, not Orbitz.

SOURCE: Orbitz