Orbitz Announces Two Year Long, Old Data Breach Affecting 880,000 Payment Cards

Multiple news outlets are reporting that Orbitz, a subsidiary of the online travel agency Expedia Inc., suffered a major data breach with hackers accessing personal information associated with 880,000 payment cards. The breach, which was discovered on March 1, reportedly began on Jan. 1, 2016 and continued intermittently through Dec. 22, 2017. Information from consumers using Orbitz to book travel, such as names, phone numbers, emails, and billing addresses, were likely stolen by Hackers. However, social security numbers were not affected.

Orbitz said it also provides a back-end booking system for other companies, which may also have been affected. American Express said that could include people who booked through Amextravel.com but that the breach did not affect American Express Global Business Travel or the platforms that card members use to manage their accounts.

While Orbitz admits that information was likely accessed, it has not yet admitted that the information was stolen. Instead, in a statement, the company said that “to date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information."