Orbitz, the travel booking website, released an official report regarding a potential data breach on the 20th of March, 2018. According to researchers, there is a possibility that personal data of up to 880, 000 users who used the Orbitz platform to book flights, hotels, and cruises ended up in hackers’ hands. It should be emphasized that personal information was taken from an older version of the booking platform. That is, the current version of Orbitz.com has not been hacked. The company was analyzing the older Orbitz platform when evidence showing that hackers gained unauthorized access to consumer data was found. The exact period of the breach is still unknown, but analysts suspect that it could have taken place between October and December 2017. Unfortunately, specialists found it only on the 1st of March, 2018. Orbitz has not provided any information about the nature of the data breach in its report, but some experts believe that an Orbitz partner is the one responsible for it. Alternatively, some researchers suspect that the consumer data was exposed because the internal employee’s credentials were compromised: “According to Verizon’s DBIR, there’s an 81 percent probability that the compromised credentials of a trusted admin were the root cause of this attack.”
The information that could have been accessed by hackers includes the following details: full name, date of birth, payment card information, phone number, email address, gender, and physical/billing address. Orbitz confirmed that other personal details are safe: “Our investigation to date has not found any evidence of unauthorized access to other types of personal information, including passport and travel itinerary information. For U.S customers, Social Security numbers were not involved in this incident, as they are not collected nor held on the platform.” The company reported that there is no direct evidence that the information was stolen from the platform even though cyber criminals may have had a chance to access it without many difficulties.
Orbitz was acquired by Expedia for $1.6 billion back in 2015. It seems that the most recent data breach has influenced the company’s value of shares in a negative way because share prices have decreased by 2% since the official report regarding the possible data breach was released by the company.
It is not the first data breach, specialists say. OnePlus reported that up 40, 000 customers could have been affected by the data breach in January. As a consequence, users were not allowed to pay for items at the online store using credit cards for some time. What is more, the Verizon’s partner Nice Systems, responsible for customer service calls, exposed millions of users’ records. As for the most recent Yahoo breach, it affected 3 billion users’ accounts. Finally, personal information belonging to 140 million people was stolen from the credit rating agency Equifax. This is not a full list of affected companies, and it is not very likely that it will not become even longer in the near future because cyber criminals will definitely not stop doing their dirty work anytime soon. Therefore, IT specialists should do all it takes to strengthen the protection of servers belonging to companies.
Users who were affected by the Orbitz data breach should take some measures in order not experience more problems, according to specialists. Several pieces of advice experts have for victims can be found listed below:
- Change your passwords immediately. Do not forget to use different passwords for different accounts!
- Contact your bank/credit card issuer.
- Get a copy of your credit card report and check whether there are no payments you do not recognize.
- Get a new debit card. If you paid to Orbitz using your debit card last year, consider getting a new one.
- Consider filing a police report.
References:
- Deahl, D. Orbitz says a possible data breach has affected 880 000 credit cards. The Verge
- Free Stock Photos. Pexels
- Lord, N. Data Breach Experts Share the Most Important Next Step You Should Take After a Data Breach in 2017 – 2015 & Beyond. DigitalGuardian
- Olenick, D. Orbitz hit with data breach, info on 880 000 payment cards at risk. SC Media