Online travel services firm Orbitz has revealed that it has suffered a “data security incident” which may have compromised the sensitive information of hundreds of thousands of customers.
According to Orbitz, which was acquired by Expedia in two years ago, hackers were able to infiltrate a legacy version of the company’s travel booking platform between October 1, 2017 and December 22, 2017. The unauthorised intruders may have accessed the personal data of approximately 880,000 customers, including the following information:
The data is said to be related to purchases made in the first six months of 2016 for Orbitz platform customers, and between January 1 2016 and December 22 2017 for “certain partners’ customers.”
This exposure for almost two years of the customers of Orbitz’s business partners is an important point.
It’s very possible that your company, for instance, books your travel through a service like Amex Global Business Travel, and as a consequence may not realise that Amex was relying upon Orbitz’s services.
It may be trued that American Express’s systems were not compromised by a hacker, and that it was a third party – Orbitz – that was targeted, but American Express’s brand still ends up tarnished in the eyes of affected customers.
It’s no wonder more and more companies are waking up to the importance of thoroughly vetting the security measures their business partners have in place to protect data.
The very real risk is that identity thieves and online criminals may attempt to exploit the information extracted from Orbitz to defraud unsuspecting individuals. Scams may arrive via email, in bogus phone calls, or even via post. As a consequence it’s a (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/orbitz-data-breach/
The platform analyzes application interactions to identify cyberattacks and applies mitigations to limit the attack's impact.
In the world of cybersecurity, it often feels like we’re revisiting familiar problems, albeit with a modern twist. The essence…
The new directive prohibits data disclosure when law enforcement agencies want to investigate people, healthcare providers, or others seeking reproductive…
The health insurance giant also admitted that it paid a ransom to the threat group as its CEO prepares to…
TrustCloud’s AI already pre-fills up to 80% of a security questionnaire, but we’ve developed the next iteration. TrustShare has built…
In addition to supporting research centers, the $12.5 million project focuses on training the next generation of cybersecurity pros to…