CALIFORNIA, U.S. - Expedia-owned travel website Orbitz disclosed that it had suffered a massive data breach, which has exposed credit card and personal data of about 880,000 of its customers.
The website said in a statement that bad actors may got their hands on both credit card data and personal information from users who made purchases on the site between January 1, 2016 and June 22, 2016.
The company added that hackers could have accessed approximately 880,000 payment cards from a “legacy Orbitz site.”
The company said that the breach was first discovered by the company on March 1 and assured customers that crucial social security numbers, passport and travel information don’t appear to have been accessed.
It said that names, payment card details, email addresses, billing addresses and phone numbers could have been seized by hackers.
Orbitz has so far, not obtained direct evidence that the information has been stolen.
However, experts have said that travel sites often became a prime target for hackers as they hold immense amount of information with rich seams of data to mine and potentially exploit.
In its statement, the company said, “Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us. We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”
It added that it has been notifying consumers that may have been breached and is also offering them a year of complimentary credit monitoring and identity protection services.
Orbitz said in its statement that it “took immediate steps to investigate the incident and enhance security and monitoring of the affected platform.”
The company also said that it brought in a panel of people to ensure the platform was rendered inaccessible.
The company said, “As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement, and took swift action to eliminate and prevent unauthorised access to the platform.”