Another season, another breach of personal information from a consumer-facing website. This time, it's Expedia's Orbitz and approximately 880,000 payment cards with information now in the hands of criminals.
According to Expedia, both its partner website and its consumer site were affected by the breach. The consumer site was breached sometime between Jan. 1, 2016 and June 22, 2016, while the partner site was hit between Jan. 1, 2016 and Dec. 22, 2017.
The company said that information including names, phone numbers, email, and billing addresses also might have been accessed. In a statement provided to Reuters, Orbitz said, "To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information."
Expedia said that the breach was addressed after being discovered earlier this month.
For more, read here.
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here.