Orbitz was attacked, 880,000 customer data has affected
According to PhocusWire, Orbitz, an online travel agency under Expedia’s online travel giant, publicly announced on Tuesday that its online travel booking platform has a serious security flaw, and this flaw may make about 880,000 Orbitz customers are at risk of data leakage.
According to Expedia, the vulnerability was discovered when the company inspected Orbitz’s business partner Travelocity, and the Orbitz platform is in the same environment as the platform.
According to a document obtained by PhocusWire from RBC Royal Bank, similar data leakage at about the same time also affected customers on the RBC Travel Rewards Exchange platform operated by Travelocity.
When talking about Travelocity, Expedia said: “We don’t comment on specific partner engagements but I can confirm there is more than one partner impacted by this incident.”
Expedia said that on the 1st of this month they determined that Orbitz had been hacked and that hackers may visit the individual customers stored on the Orbitz reservation platform and Orbitz Business Partner Platform from October 1st to December 22nd, 2017.
The customers involved in the information disclosure are those orders placed on the Orbitz platform between January 1 and June 22, 2016, and on the Orbitz Business Partner Platform between January 1, 2016, and December 22, 2017. For trading clients, information that may reveal risks may include name, payment card information, date of birth, phone number, email address, billing address, and gender.
As mentioned earlier, PhocusWire’s receipt from RBC Royal Bank indicates that the disclosure may also affect those on the RBC Travel Awards Redemption Platform between October 3 and December 22, 2017. The customer who filled in the payment card information, because this time is what Expedia called Orbitz hacking time.
Regarding Orbitz’s question, Expedia stated that so far, there is no direct evidence that Orbitz customers’ personal information has been disclosed, nor have they found any other types of personal information (such as passports and travel itinerary information) in the survey. Hacker access to evidence.
In addition, Expedia also stressed that this incident does not involve the Social Security Number (SSN) and, the current Orbitz website has not been affected.
“Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us. We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners,” Expedia Said in a statement.
“We are offering affected individuals one year of complimentary credit monitoring and identity protection service in countries where available. Additionally, we are providing partners with complimentary customer notice support for partners to inform their customers, if necessary.”