A legacy travel booking platform owned by Orbitz, the popular travel booking site, was accessed by an unauthorized party between October 2017 and December 2017. Data accessed from the company’s legacy systems includes customer information for purchases made between January 2016 to December 2017 including, names, dates of birth, postal and email addresses, gender, and payment card information. Orbitz revealed that approximately 880,000 payment cards were exposed in the hack, but there is currently no direct evidence that customers’ personal information was downloaded from the platform. Orbitz is in the process of notifying impacted customers and partners and is offering one year of complimentary credit monitoring and identity theft protection. The current orbitz[.]com site was unaffected by the breach. The NJCCIC recommends customers who made purchases through Orbitz during the impacted timeframe monitor payment card statements for unauthorized charges, consider placing a freeze on their credit, and immediately notify their banks if fraudulent activity is observed. Additionally, we recommend impacted customers take advantage of the free credit monitoring and identity theft protection services offered.

Data BreachNJCCICOrbitz