Online travel platform Orbitz says it believes hackers may have accessed personal data of as many as 880,000 customers.
The company discovered the breach on March 1, it said.
Data was compromised from an older version of its site from October to December 2017 and included customer payment records dating back more than two years via B2B partner platforms.
It potentially affects data on customer names, payment card information, email addresses and home addresses, but Expedia-owned Orbitz says it does not have ‘direct evidence’ that data has been used.
Orbitz has instructed a third-party cybersecurity firm to ‘eliminate and prevent unauthorized access to the platform’.
“We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners,” it said.
Customers at risk will be entitled to free credit monitoring.
Ken Spinner, VP of field engineering for data security firm Varonis said: "Every time a major consumer brand reports a data breach, consumers are left holding a crummy consolation prize – typically a year’s worth of free credit monitoring and an emailed apology.
” It’s shocking that given all the exposure and bad press from recent breaches it took Orbitz so long to notice anomalies on one of their legacy platforms and failed to lock it down. Companies will continue to drop the ball unless they’re finally held accountable."















