Chicago-based online travel booking company Orbitz, a subsidiary of Expedia, reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online.
The data breach incident, which was detected earlier this month, likely took place somewhere between October 2016 and December 2017, potentially exposing customers’ information to hackers.
According to the company, hackers may have accessed payment card information stored on a consumer and business partner platform, along with customers’ personal information, including name, address, date of birth, phone number, email address and gender.
Orbitz worked closely with cybersecurity experts and law enforcement to investigate the breach and confirms that the social security numbers for U.S. customers were not exposed in this incident.
The company claims to have enhanced the security of its compromised platform, though it assures its customers that the current website Orbitz.com was not impacted.
“We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners,” Orbitz said in a statement.
Orbitz is currently working to notify the thousands of affected customers and plans to offer one year of free credit monitoring and identity protection service.
Since the payment card information is now in the hands of cybercriminals, customers are advised to closely monitor their credit card statements and report any unauthorised charges to the issuing bank.