Information that was “likely” taken by hackers includes names, credit or debit card details, dates of birth, phone numbers, email addresses, and billing information. Orbitz says it can’t confirm whether any of the information was removed from its platform but assured there was no evidence suggesting passports, travel itineraries, or social security numbers were stolen.
The company, now owned by Expedia, detected the breach on March 1 and determined the attacker likely gained access to the legacy platform’s customer information. It claimed in a statement that it took “immediate steps to investigate the incident” and enhance its security measures.
“As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement, and took swift action to eliminate and prevent unauthorized access to the platform,” Orbitz told Gizmodo.
The attacker reportedly had access to computer systems between October and December last year, during which they could access customer data from between Jan. 1, 2016, and Dec. 22, 2017.
Orbitz is now contacting affected customers and offering them a year of complimentary credit monitoring and identity protection.