Expedia Inc. (NASDAQ:EXPE) subsidiary Orbitz.com said it discovered and addressed a data security breach involving access to payment card information on what the company called "a legacy booking platform."
Orbitz said the breach involved about 880,000 payment cards. It said it determined early this month that a breach had occurred from 1 October 2017 to 22 December 2017 and that the accessed information was submitted for purchases made from 1 January 2016 to 22 June 2016. The accessed information likely included cardholder names, payment card information, date of birth, phone numbers, email addresses and billing addresses. Orbitz said Social Security numbers of U.S. customers were not accessed.
"We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform," Orbitz said in a statement. It said the current Orbitz.com site "was not in any way involved" in the incident.