Hackers may have gained access to as many as 880,000 credit cards by hacking into the Orbitz website.
Online travel agency Orbitz disclosed that hackers managed to get both credit card data and personal information (though no Social Security numbers and passwords) from users who made their travel purchases on the site between January 1, 2016 and December 22, 2017. In total, the company says, that’s about 880,000 payment cards that were accessed from what the company calls a “legacy Orbitz platform.”
The hacker gained access to an older version of the website, the company said. The current booking platform is not part of that breach, Orbitz said.
Orbitz discovered the hack earlier in March and since has launched an investigation to determine what data could have been affected. After discovering the vulnerability, the company said it hired a forensic investigative firm and also involved law enforcement.
Orbitz is notifying customers whose data has been affected and will offer them the standard complimentary year of credit monitoring and identity protection services that pretty much every company now offers customers who were affected by a breach (to the point where many a U.S. consumer probably has access to multiple of these services at the same time).