Travel site Orbitz, which is owned by Expedia, said a “legacy travel booking platform” was likely hacked last year, exposing close to two years of customer data.
The company disclosed the hack Tuesday, saying it discovered earlier this month that a hacker may have infiltrated the platform between October and December of last year. Orbitz said the hacker accessed customer names, birthdates, physical and email addresses and credit card information for customers who made purchases between January 2016 and December 2017.
Orbitz added that it has “identified and remediated,” the incident, which affected 880,000 customer payment cards. Orbitz said it has not found evidence that the hacker downloaded anyone’s personal information from the platform.
“Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us,” the company said in a statement. “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”
The company said it has enhanced security of the compromised platform, and the current website was not involved.
Expedia acquired Chicago-based Orbitz in 2015 for $1.6 billion. Orbitz was one of several acquisitions made by Expedia to bolster its status in the online travel market in recent years, including Trivago, Travelocity, HomeAway, Hotels.com and others.
