Orbitz has released details regarding a data breach. There are two different sets of dates relating to the breach:
- January 1st, 2016 and June 22nd, 2016 for the consumer platform
- January 1st, 2016 and December 22nd, 2017 for their partner platform
The Orbitz site itself was not affected; the breach involved a legacy travel booking platform. That being said, the attacker accessed the following customer data: names, dates of birth, postal and e-mail addresses, gender and payment card information. Social security numbers were not accessed, and Orbitz stated that:
“To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information,”
That doesn’t fill me with any sort of confidence, given that’s what most, if not all, companies initially say after a data breach has occurred. Data breaches are all too common these days and I don’t believe the penalties align with the damage that can be done to individual consumers. If you think you might have been affected by this breach, we’d recommend reading this post on what to do. It provides information pertaining to the Equifax data breach, but the steps you need to take are mostly the same.