Expedia subsidiary Orbitz has determined on March 1, 2018 that personal data stored on their platform was compromised.
The company said that between October 1, 2017 and December 22, 2017 there was evidence of attackers gaining unauthorized access to personal information to include full name, payment card information, date of birth, phone number, email address, physical and/or billing address, and gender.
Affected transactions included certain purchases made by customers between January 1, 2016 and June 22, 2016 (for Orbitz platform customers) and between January 1, 2016 and December 22, 2017 (for certain partners’ customers), according to Orbitz notice of the data breach. The travel booking site said approximately 880,000 payment cards were affected.
The cyber attack involved the Orbitz platform that also serves as the underlying booking engine for many online travel websites, to include Amextravel.com and travel booked through Amex Travel Representatives. Transactions affected include those made my customers on Expedia’s Orbitz platform also between January 1, 2016 and December 22, 2017.
American Express released a statement on the cyber attack: “This was not an attack on, and did not compromise, American Express Global Business Travel or the American Express platforms that Card Members use to manage their American Express Card accounts.” Expedia informed American Express the issue was remediated.