Travel website Orbitz announced on Tuesday it was the victim of a months-long data breach that could have compromised the personal data and credit card information of users.
An investigation revealed that a hacker may have had access to sensitive information stored on an Orbitz legacy travel booking platform from Jan. 1, 2016 through June 22, 2016, and again between Oct. 1, 2017 and Dec. 22, 2017. The credit card information of 880,000 consumers is at risk, along with other sensitive information including birth dates, phone numbers, email addresses, billing addresses and gender information, the company said.
“We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners,” Orbitz said in a statement. “We are working quickly to notify impacted customers and partners.”
The breach was discovered on March 1. Affected individuals will be given free credit monitoring and identity protection services for one year.
Orbitz’s website was not involved in the attack, according to the company. They also maintain that, so far, they do not have any direct evidence that the information was actually taken from the site.