Expedia subsidiary Orbitz identified, fixed ‘data security incident’ affecting 880,000 payment cards
Travel website Orbitz.com, a subsidiary of Expedia Inc. , said it identified, and remediated, a data security incident in which personal user information was accessed. Expedia’s stock slumped 1.1% in morning trade. Orbitz said it determined on March 1 that a breach had occurred, between Oct. 1, 2017 and Dec. 22, 2017, on a legacy booking platform. The company said the information accessed was submitted for purchases made between Jan. 1, 2016 and June 22, 2016, and likely included full names, payment card information, date of birth, phone numbers, email addresses, billing addresses and gender. There company said social security numbers of U.S. customers were not accessed. The number of payment cards affected is about 880,000. “We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform,” Orbitz said in a statement. The company said the current Orbitz.com site “was not in any way involved” in the incident. Expedia’s stock has shed 8.3% over the past three months, while the S&P 500 has gained 1.6%.