Orbitz admits data breach exposed 880,000 credit card details

 Orbitz admits data breach exposed 880,000 credit card details

Breach occurred in 2016 but took two years to travel into Orbitz's view

The company fessed up to what it suspects was a cyber attack made against the personal and payment information of its customers, with data such as dates of birth, email addresses, billing addresses and phone numbers thought to have been exposed.

Credentials for some 880,000 payment cards may have also been nicked as part of the breach, Orbitz said.

The data breach appears to have involved hackers cracking into a legacy website run by Orbitz between January and June 2016, though the company only caught wind of it on 1 March.

A partner platform that also contained Orbitz customer data is also thought to have been breached between January 2016 and December 2017.

Orbitz is now notifying its customer about the breach and is offering a free year's worth of credit monitoring and identity protection to help its customers fight any attempts at fraud committed against them, fueled by the exposed data.

While data breaches are getting increasingly high-profile and come with stringent punishment from the Information Commissioner's Office if not reported correctly, they still seem a dime a dozen these days.