Orbitz Data Breach Exposes Nearly 880,000 Payment Card Numbers
Orbitz, a Chicago-based online travel agency and a subsidiary of Expedia, has disclosed a significant data breach affecting its legacy website. Approximately 880,000 payment card numbers have been compromised, potentially exposing customers’ sensitive financial information.
Founded as a travel fare aggregator, Orbitz.com enables users to efficiently book flights, hotels, car rentals, and vacation packages. The breach was identified earlier this month but likely occurred between October 2016 and December 2017. This incident raises serious concerns about the security of customer data over an extended duration.
According to Orbitz, the unauthorized access may have involved payment card information held on a platform for both consumers and business partners. Alongside payment data, personal information such as names, addresses, dates of birth, phone numbers, email addresses, and gender were reportedly accessed. However, the company stated that Social Security numbers of U.S. customers remain secure and were not part of this breach.
Despite this incident, key services, including Expedia flights, hotel bookings, car insurance, and related offerings, have reportedly not been impacted. Orbitz has engaged cybersecurity experts and law enforcement to investigate the breach thoroughly, reassuring users of its commitment to security enhancements on the compromised platform, while confirming that the current Orbitz.com interface is safe.
In a formal statement, Orbitz expressed regret regarding the breach and reaffirmed its dedication to maintaining customer trust. The company is proactively reaching out to affected users and plans to provide one year of complimentary credit monitoring and identity protection services.
Business owners are particularly urged to manage their financial data carefully in light of this breach. With payment card details now potentially accessible to malicious actors, vigilance is paramount. Customers should routinely audit their credit card statements for any unauthorized transactions, promptly reporting suspicious activities to their respective banks.
As the travel industry navigates through this troubling landscape, the repercussions of this breach may extend to shareholder confidence, with potential implications for Expedia’s stock performance. The upcoming release of detailed information concerning the breach will likely influence market responses.
For inquiries related to the data breach, both Orbitz and Expedia have established dedicated customer service channels. Orbitz customers can reach out at 001-312-279-7740, while Expedia users can contact customer support at (877) 227-7481.
In considering the possible tactics employed in this breach, methods related to initial access and data exfiltration from the MITRE ATT&CK framework are relevant. This incident serves as a poignant reminder of the importance of robust cybersecurity measures in safeguarding sensitive information within the travel industry.
