Travel booking site and Expedia subsidiary Orbitz revealed today that they have suffered a data breach which may have exposed as many as 880, 000 customers’ personal information. According to an official statement by Orbitz, the hack occurred on a “legacy travel booking platform”—an older site in other words—and did not affect the newer site.
The breach occurred between October and December 2017. Orbitz spokespeople stated that it appears the hacker was able to access customer names, birth dates, email addresses, and credit card information. The customer information at risk spans from January 2016 to December 2017. The hack was discovered earlier this month. Orbitz stated that the security hole has been closed and has begun informing customers if they’ve been affected. They are offering free credit monitoring for a year to all victims.
Orbitz stated that the evidence suggests customers’ data was not downloaded. “Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us. We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners,” they stated.
The identity of the hackers has not yet been determined. The incident highlights the need for better threat detection and response, as well as the importance of closing security holes even in older enterprise platforms.
Latest posts by Ben Canner (see all)
- Top 6 Information Security Books for Professionals - September 24, 2020
- Key Findings from Gartner’s 2020 Market Guide for SOAR - September 23, 2020
- Top 5 Cybersecurity Intelligence Books for Professionals - September 21, 2020