Orbitz, a travel booking site and subsidiary of the Expedia Inc., has confirmed the discovery of a reported data breach that may have compromised the accounts of hundreds of thousands of customers who had booked trips via one of its former partner platforms or older websites.
Although Orbitz concealed the names of the business partners that the breach apparently affected, a separate report by American Express Company indicated that this breach primarily affected clients who booked their trips through Amextravel.com and representatives of Orbitz.
According to Orbitz, the highly publicized breach is projected to have had its toll on approximately 800,000 accounts (payment cards).
Orbitz’s operator confirmed through an inquiry on one of the travel-booking site’s older platforms that the firm discovered that it is possible that an unknown hacker may have gained access to private consumer information last year. The site was, however, quick to reassure its clients that it was making efforts to notify everyone that may have been affected.
Despite the data breach, the company indicated that their new website (Orbitz.com) was not affected by the incident.
Cyberattack Exposed Customer Details
It is believed that the hacker gained access to information on purchases made between January and December 2016, which includes addresses, birthdays, payment card information and full names.
Until now, the company is yet to get substantive proof that the travel itineraries or passport information of its clients had been accessed in the hack, although they are yet to fully confirm if any of these personal details were taken from their platforms. As for social security information, the company does not store this data on any of its platforms.
Additionally, American Express confirmed that all platforms which manage credit card accounts, with American Express Global Business Travel included, were not affected by the breach.
In the wake of this discovery, Orbitz has indicated that it is working with cybersecurity experts, a forensic investigation company and the local authorities in efforts to completely eliminate and subsequently prevent any future cyberattack on its platform.
In a newly released report, the company outlined that guaranteeing the security and safety of their partners’ and customers’ personal information is important. As such, the firm confirmed that it was working to rebuild the trust of their clients.
The report also highlights that aside from notifying the affected clients, they will also be providing them with free credit monitoring for a year.
Since the recent disclosure, the shares of Expedia Inc., which owns Orbitz, have dropped to around $106 in the trade market (as of March 23).
Latest in Growing Number of Data Breaches
The disclosure from Orbitz is one of the many data breach-related announcements that have rocked the headlines in recent times.
Over the last year, the world has witnessed multiple mass data breaches, some of them affecting large multi-national corporations including Yahoo, Verizon, OnePlus and others.
According to OnePlus, more than 40,000 of its clients were victims of a January 2018 breach that resulted in the company temporality closing down all credit card payments to their online store.
In another instance, a data breach on Verizon exposed millions of customer records, while Yahoo also reported that a 2013 breach affected three billion accounts, nearly its entire user base.
Globally-acclaimed firms such as Amazon, Sonic and Equifax have also been substantially affected by data breach incidents, going to show the severity of the situation.
Meanwhile, lawmakers have started pushing for more stringent regulations on the steps firms need to follow in disclosing potential hack incidents.