Orbitz May Have Exposed 880,000 Credit Cards

Orbitz, a travel fare aggregator website and travel metasearch engine owned by Expedia, has been found with signs of a major data breach that may have exposed 880,000 customer credit card records. The company discovered signs of the breach on March 1, which may have exposed customer details such as names, payment card information, dates of birth, phone numbers, email addresses, billing addresses, and gender.

Orbitz researchers were conducting an investigation on an older Orbitz.com platform when they found signs of unauthorized access. The company said that attackers may have accessed customer data submitted to a legacy website between January 1 and June 22, 2016, while information from purchases from its partner platform were exposed between January 1, 2016 and December 22, 2017.

The company noted that despite traces of data breach, it has yet to find direct evidence that personal information was actually stolen from the platform. In a statement, Orbitz said they deeply regret the incident, and they are committed to doing everything they can to maintain the trust of customers and partners. The company said it is notifying customers possibly affected by the breach, and is offering a year of complimentary credit monitoring and identity protection services.

The current Orbitz.com website was said to be unaffected by the breach.

Defense against data breaches

As data breaches have become incidents that continue to trigger major headlines that lead to decreased brand reputation, businesses must strengthen their security measures to ensure customer data is protected at all times and across every layer of their operation. Regulations that champion customer data protection will be enforced by the EU General Data Protection Regulation (GDPR) starting May 25 this year, and businesses can benefit the most by abiding by its rules.

To defend against data breaches, businesses can follow these best practices:

  • Patch systems and networks regularly to prevent cybercriminals from exploiting vulnerabilities in unpatched and outdated software
  • Implement proper security measures and processes to create an efficient security process that can help IT professionals quickly identify when and where data breaches occur. Regular security audits also ensure that all systems connected to the organization’s network are accounted for.
  • Educate employees on the threats and tactics attackers use to help them identify threats and act on them
  • Implement an effective disaster recovery plan for a data breach. This doesn’t only address the attack itself, but also the concerns of the people affected. This includes disclosure strategies, mitigation steps, and working with law enforcement agencies. People working within the organization should also be informed of these contingency plans.

Users, on the other hand, can follow these recommendations to ensure their data is protected:

  • Keep track of banking receipts and be on the lookout for unauthorized purchases.
  • Be wary of requests sent via email and messages. Social engineering tactics are designed to prey on the gullible.
  • Limit what you share and avoid sharing personal details on social media.
  • Secure your accounts. Use different email addresses and passwords for each account you have. Use a password manager to automate the process.
  • Do not open email from unfamiliar senders. When in doubt, delete without opening it. Verify first before opening any attachments.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Опубликовано в Cybercrime & Digital Threats, Data Breach