Orbitz Announced A Possible Breach of Over 800,000 Payment Cards

Travelers beware. If you like shopping around for good deals and used the travel site Orbitz back in 2016, you may be a victim, along with about 879,999 other people of a data breach. The Expedia-owned travel site announced that it had discovered and addressed an unauthorized intrusion of one of its older websites. They stressed that the current website was not affected.

This incident was found on March 1 of this year. It’s believed the attackers got away with personal and financial data including names, genders, birth dates, email addresses, payment card information, and billing and physical addresses.

Anyone who may have purchased anything on the Orbitz website from January 1, 2016 to December 22, 2017 may have been affected and are encouraged to closely monitor payment card charges for at least the next year or until the card used expires or is replaced. There is a reasonable chance that has already happened, but it’s better to err on the side of caution when it comes to fraud.

This breach also applies to those service providers who use Orbitz as a booking platform. American Express is one such organization and is performing their own investigation as to how they may have been affected. So, it’s a good idea to watch your payment card statements if you used them on any travel booking site from January 2016 to the end of last year.

According to the reports, passport or social security information was not stolen, and neither was travel itinerary information. However, Orbitz is offering a year of complimentary credit monitoring and identity protection services where it’s available. Travelers are encouraged to take advantage of it, although remember that it won’t prevent fraud or identity theft. What these services will do is notify you when a request for your credit information is made.

If you were a victim in this or any of the recent data breaches, especially of the recent Equifax breach, consider freezing your credit. This will prevent anyone, including you from opening accounts using your information. Placing a fraud alert is also recommended, if a freeze is not an option for you. This will prevent all three major credit reporting bureaus from releasing credit information about you without authorization. These are valid for 90 days but can be renewed. Make sure you read all the fine print for any service for which you apply. There may be charges or automatic renewals required.

Orbitz is continuing to investigate and has not yet released how the intrusion happened in the first place. They are contacting individuals affected, however. Just be cautious about opening email messages and clicking links that appear to be related to this. It’s likely phishers will take advantage this incident and of others like this and try to use trickery to get malware on systems or to gather additional sensitive information.