Vacation-booking biz Orbitz has warned that sensitive details on as many as 880,000 credit cards have "likely" been stolen from its servers by hackers.
In a statement today, US-based Orbitz said it discovered evidence of an intrusion on one of its legacy platforms on March 1, and called in a third-party forensics team. It now looks as though its central booking system was penetrated – and names, payment card information, dates of birth, phone numbers, email addresses, physical and/or billing addresses, and customers' gender could have been stolen.
Equifax peeks under couch, finds 2.4 million more folk hit by breachREAD MORE
"Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us," the Expedia-owned outfit stated. "We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners."
The Chicago biz claims people's private details were potentially snatched between January 1, 2016, and December 22, 2017, which is a huge chunk of information. This potentially includes data entered via Orbitz-powered sites, such as American Express's Amextravel.com.
Social security numbers, passport details, and travel itineraries were not swiped, the company insisted. It is a still investigating the cyber-break-in, and has promised one year of free credit monitoring and identity protection service to those affected, as well as to its partners. ®
PS: Active.com has admitted today it was hacked, with names, addresses, email addresses, credit or debit card numbers, expiration dates, and cardholder verification codes entered into its network of websites lifted by miscreants between December 2016 and September 2017. Customers have been notified by email.