Orbitz says hackers may have accessed info on 880K payment cards

Travel website Orbitz on Tuesday disclosed a possible breach that may have resulted in hackers making off with personal information on 880,000 customer payment cards.

Orbitz, which is now owned by Expedia, described the episode as a “data security incident,” saying that an internal investigation revealed that hackers may have accessed card information stored on a consumer and business partner platform between October and December of last year. The company said the Orbitz website was not involved in the incident and that there is no “direct evidence” of information actually being stolen.

In total, the company said hackers may have gained access to personal information on roughly 880,000 payment cards, including payment card information, names, birth dates, phone numbers and email and billing addresses.

The company said that hackers potentially compromised information on the consumer platform that was used to make purchases between January 2016 and June 2016. With respect to its business partner platform, Orbitz said the cards potentially compromised were used in payments between January 2016 and December 2017.

The company said it turned up evidence earlier this month of the possible breach when investigating a “legacy” Orbitz platform.

“We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform,” Orbitz said in a statement. “As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement, and took swift action to eliminate and prevent unauthorized access to the platform.”

The company said it is working to notify customers and partners of the incident and plans to provide free credit monitoring and identity theft protection to those impacted.

“Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us,” the company said. “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”

The incident follows a string of high-profile breaches, including the massive data breach at credit reporting firm Equifax that impacted data on more than 145 million American consumers.

Expedia acquired Orbitz, a rival travel website, back in 2015 in a $1.6 billion deal.