Orbitz Breach Exposes Risks to Partners, and the Vulnerabilities of Older Technology
Another day, another data breach. But each one has lessons for the payments industry, and that includes the breach disclosed Tuesday by online travel-services provider Expedia Inc.’s Orbitz subsidiary.
Hackers accessed one of Orbitz’s older systems and thereby may have exposed 880,000 payment card numbers on file, according to press reports. The breach occurred from last October through most of December, but the affected cards were used in 2016 and most of 2017. Orbitz said it discovered the breach March 1.
The cards on file were used to book travel through Orbitz or through sites that use its platform, including the American Express Co.-affiliated Amextravel.com. Also exposed were customer names, addresses, and birthdays.