[BreachExchange] Orbitz hack exposed data of 880, 000 customers in 2016 and 2017

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 20 18:58:52 EDT 2018


http://www.cbc.ca/news/business/orbitz-data-breach-1.4583985

Orbitz says one of its older websites may have been hacked, potentially
exposing the personal information of people who made purchases online
between Jan. 1, 2016 and Dec. 22, 2017.

The current Orbitz.com website was not involved in the incident. Orbitz is
now owned by Expedia Inc. of Belleview, Washington.

Orbitz said Tuesday about 880,000 payment cards were impacted.

When asked for clarification about the number — if any — of Canadians
involved, the company told CBC News "we do not share that level of detail."

Data that was likely exposed includes name, address, payment card
information, date of birth, phone number, email address and gender. Social
Security information was not hacked, however. The company said evidence
suggests that an attacker may have accessed information stored on the
platform — which was for both consumers and business partners — between
Oct. 1, 2017 and Dec. 22, 2017.

It said it discovered the data breach March 1.

Orbitz is offering those impacted a year of free credit monitoring and
identity protection service in countries where available.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180320/ed115de4/attachment.html>


More information about the BreachExchange mailing list