Orbitz
Original Release Date: 3/23/2018
Summary
A legacy travel booking platform owned by Orbitz, the popular travel booking site, was accessed by an unauthorized party between October 2017 and December 2017. Data accessed from the company’s legacy systems includes customer information for purchases made between January 2016 to December 2017 including, names, dates of birth, postal and email addresses, gender, and payment card information. Orbitz revealed that approximately 880,000 payment cards were exposed in the hack, but there is currently no direct evidence that customers’ personal information was downloaded from the platform. Orbitz is in the process of notifying impacted customers and partners and is offering one year of complimentary credit monitoring and identity theft protection. The current orbitz[.]com site was unaffected by the breach.
Recommendations
The NJCCIC recommends customers who made purchases through Orbitz during the impacted timeframe monitor payment card statements for unauthorized charges, consider placing a freeze on their credit, and immediately notify their banks if fraudulent activity is observed. Additionally, we recommend impacted customers take advantage of the free credit monitoring and identity theft protection services offered.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.