Emerging Threats

Up to 880,000 Credit Cards Accessed in Orbitz Data Breach - What to Do Next


Authored by a Symantec employee

 

March 21, 2018

If you’ve booked trips through Orbitz, hackers may have accessed your credit card or other payment card information in a recent attack.

What should you do now? Here are some steps you can take: Wait to hear from Orbitz, monitor your credit card and bank accounts, and take measures to help protect against identity theft.

Here’s what happened.

Reports from March 20 state that up to 880,000 payment card numbers and related information could’ve been exposed in a data breach. The additional information could include:

  • Customer’s full name
  • Date of birth
  • Phone number
  • Email address
  • Physical or billing address
  • Gender

Orbitz, which is owned by Expedia, apparently had two different data disclosures.

In the first disclosure, an attacker may have accessed customers’ personal information for some purchases made on orbitz.com between Jan. 1, 2016, and June 22, 2016, according to news reports.

In the second disclosure, customer data from other travel sites that used Orbitz to book travel between Jan. 1, 2016, and Dec. 22, 2017, may have been compromised, according to published reports. One of the affected sites was the American Express site Amextravel.com.

Orbitz says its current Orbitz.com website wasn’t involved in this incident.

What you should do now

Orbitz said it was notifying all affected customers and partners, so be on the lookout for such notification, indicating your data may have been exposed.

The Orbitz breach is a reminder that it’s good to regularly review credit card and bank statements, looking for unfamiliar transactions. If you see a transaction that isn’t yours, contact your financial institution immediately.

Keep in mind that it can be safer to use credit cards instead of debit cards when making purchases. That’s because debit cards give fraudsters direct access to the money in your checking account. With a credit card, your bank account isn’t affected until you make a card payment.

 


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.