Orbitz says hacker stole two years’ worth of customer data

Travel booking website Orbitz has been hacked, the company said. The site, now owned by Expedia, confirmed in a statement that it “identified and remediated a data security incident affecting a legacy travel booking platform.”

According to the statement, the company found evidence in March that an attacker had access to the company’s legacy systems between October and December last year. It was during that time the hacker accessed customer data from the previous two years — between January 2016 and December 2017 — which included names, dates of birth, postal and email addresses, gender, and payment card information.

On the company’s consumer platform, the attacker may have accessed personal customer data between January and mid-June 2016. Orbitz said that about 880,000 payment cards are affected by the hack. But the company said that it has no direct evidence that this personal information was downloaded from the platform. The current Orbitz.com website was unaffected by the breach, said the company.

Read more about the Orbitz hack that enabled criminals to obtain information about 880,000 payment cards on ZDNet.