A "legacy Orbitz travel booking platform" was
hacked last year between Oct. 1 and Dec. 22, impacting about 880,000 customer and
business partner payment cards, the travel website reported Tuesday. Evidence
suggests hackers may have been able to access historic records dating from
January 2016 through December 2017. Orbitz discovered the breach on March 1 but
has yet to determine whether personal information was actually taken from the
platform.
Potentially stolen data includes: full name, card number,
date of birth, phone number, email address, mailing or billing address and
gender. Orbitz said its investigation has yet to find evidence that passport or
travel itinerary information was accessed.
Orbitz said it is contacting those affected by the breach, and
it claimed to have remedied the situation by working with cybersecurity
experts, law enforcement and a forensic investigation firm to "eliminate
and prevent unauthorized access to the platform."
"An attacker may have accessed personal information
stored on this consumer and business partner platform. We took immediate steps
to investigate the incident and enhance security and monitoring of the affected
platform," according to Orbitz. "The current Orbitz.com website was
not in any way involved in this incident."