In a week of major data breaches, Orbitz represents the travel sector
By cameron in Uncategorized
It was already one of the worst weeks for revelations of data breaches.
In what may be the mother of all invasions of privacy, Facebook revealed that a UK analytics firm scraped the data of 50 million of its users without their permission.
Then a Walmart jewelry partner exposed the personal details of 1.3 million customers.
And Orbitz went public with the news that it had “identified and remediated” a data security “incident” affecting Orbitz.com.
And it was only Tuesday.
The timing may have been a bit fortuitous for both Orbitz and Walmart. All eyes – especially media eyes – were on the Facebook event.
Orbitz was quick to point out that the website in question was “a legacy travel booking platform” created before Orbitz’s acquisition by Expedia in September 2015. “The current Orbitz.com website was not in any way involved in this incident,” the company said.
Orbitz said that during an investigation of the legacy platform, it determined on March 1 that between Oct. 1, 2017 and Dec. 22, 2017, an attacker may have accessed personal information stored on this consumer and business partner platform.
It took immediate steps to enhance security and monitoring of the affected platform, it said, and .brought in “a leading third-party forensic investigation firm” and other cybersecurity experts. It also began working with law enforcement and took action to block any unauthorized access to the platform.
Orbitz is notifying customers and partners about what personal information may have been accessed in the incident.
The information may include full name, payment card information, date of birth, phone number, e-mail address, physical and/or billing address and gender.
On the Orbitz consumer platform data, the company said, the attacker may have accessed personal information that was submitted for certain purchases made between Jan. 1 and June 22, 2016.
Personal information submitted for purchases made between Jan. 1, 2016 and Dec. 22, 2017, on the Orbitz partner platform may also have been accessed.
“To date, we do not have direct evidence that this personal information was actually taken from the platform,” Orbitz said. Nor has it found evidence that passport or itinerary information was accessed by an attacker, and Orbitz does not collect Social Security numbers.
About 880,000 payment cards were affected.
Affected individuals will receive one year of free credit monitoring and identity protection service in countries where it is available. Partners will be provided with complimentary customer notice support to inform their customers, if necessary.
Orbitz encouraged nyone who is notified to review and monitor their payment card account statements and contact their financial institution or call the number on the back of their card if they suspect that their payment card may have been misused.
Orbitz customers with questions may call 1-855-828-3959 (toll-free U.S.) or 1-512-201-2214 (International), Monday through Saturday, 8 a.m. to 8 p.m. CDT or visit orbitz.allclearid.com for more information.