Online travel services firm Orbitz has revealed that it has suffered a “data security incident” which may have compromised the sensitive information of hundreds of thousands of customers.
According to Orbitz, which was acquired by Expedia in two years ago, hackers were able to infiltrate a legacy version of the company’s travel booking platform between October 1, 2017 and December 22, 2017. The unauthorised intruders may have accessed the personal data of approximately 880,000 customers, including the following information:
- customers’ payment card details
- customers’ full names
- customers’ dates of birth
- customers’ gender
- customers’ email addresses
- customers’ physical addresses
- customers’ billing addresses
- customers’ phone numbers
The data is said to be related to purchases made in the first six months of 2016 for Orbitz platform customers, and between January 1 2016 and December 22 2017 for “certain partners’ customers.”
This exposure for almost two years of the customers of Orbitz’s business partners is an important point.
It’s very possible that your company, for instance, books your travel through a service like Amex Global Business Travel, and as a consequence may not realise that Amex was relying upon Orbitz’s services.
It may be trued that American Express’s systems were not compromised by a hacker, and that it was a third party – Orbitz – that was targeted, but American Express’s brand still ends up tarnished in the eyes of affected customers.
It’s no wonder more and more companies are waking up to the importance of thoroughly vetting the security measures their business partners have in place to protect data.
The very real risk is that identity thieves and online criminals may attempt to exploit the information extracted from Orbitz to defraud unsuspecting individuals. Scams may arrive via email, in bogus phone calls, or even via post. As a consequence it’s a (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/orbitz-data-breach/