Posted by William Charles on March 20, 2018
Misc

Published on March 20th, 2018 | by William Charles

7

Orbitz Data Breach – 880,000 Payment Cards Affected

Orbitz has released details regarding a data breach. There are two different sets of dates relating to the breach:

  • January 1st, 2016 and June 22nd, 2016 for the consumer platform
  • January 1st, 2016 and December 22nd, 2017 for their partner platform

The Orbitz site itself was not affected, it was a legacy travel booking platform that was affected. That being said the attacker accessed the following customer data: names, date of birth, post and e-mail addresses, gender and payment card information. Social security numbers were not accessed and Orbitz stated that:

To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information,

That doesn’t fill me with any sort of confidence given that’s what most if not all companies initially say after a data breach has occurred. Data breaches are all too common these days and I don’t believe the penalties align with the damage that can be done to individual consumers. If you think you might have been affected by this breach, we’d recommend reading this post on what to do. It provides information pertaining the Equifax data breach, but the steps you need to take are mostly the same.



7
Leave a Reply

avatar
 

  Subscribe  
newest oldest most voted
Notify of
C
C

You’re right – it does feel all too common. I wonder when the cost of a leak outweighs the cost of applying security a priori. Any thoughts to what kind of penalties you’d like to see, DOC?

St
St

Waiting for more free credit monitoring services

Josh
Josh

there should be a consumer law passed that requires companies to pay people a fixed $ amount for breaches of unencrypted data. for example, each name/email = $10. CC = $50. SSN = $100, etc.

Security breaches will magically become way less common.

Gadget
Gadget

https://orbitz.allclearid.com/additionalinformation.html

So, how do we know if we were impacted? I don’t get why they can’t make that clear… How do I know if travel I booked two years ago was involved with the legacy booking system? Looks like it’s best to sign-up for all-clear if in doubt, and let them cancel it if you are not affected. I rarely travel, so personally I think I am fine.

AJ777
AJ777

I just spoke to the dedicated phone line.

The agent said that all affected customers WILL receive an email or a letter in the mail.

She was not sure if they have been sent out or not. I have trusted ID from the Equifax breach.. don’t really want to sign up for another one.. All Clear ID .. so will wait to see if I receive a letter or email.

Burn
Burn

I received an email from AMEX saying that their AMEX travel website or phone booking systems are compromised because they used Orbtiz system platform. So most likely my information is already out there because I’ve used their website to book travels in the last few months using the business platinum card benefits.

Back to Top ↑