What happened in the Orbitz data breach?
Twingate Team
•
May 24, 2024
In March 2018, the travel website Orbitz, owned by Expedia, experienced a data breach affecting a legacy platform. The breach occurred between October and December 2017, with unauthorized access to personal and financial data of users. The exposed information included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card data. Orbitz offered affected customers complimentary credit monitoring and identity protection services for one year.
How many accounts were compromised?
The breach impacted data related to approximately 880,000 individuals.
What data was leaked?
The data exposed in the breach included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card information.
How was Orbitz hacked?
Attackers gained access to a legacy platform of Orbitz between October and December 2017, circumventing security detection and deploying malware targeting payment cards. The breach was discovered in March 2018, and Orbitz took steps to address the issue, including contracting forensic investigation and cybersecurity experts, eliminating vulnerabilities, and notifying law enforcement. The company also offered affected individuals one year of complimentary credit monitoring and identity protection services.
Orbitz's solution
In response to the hack, Orbitz implemented a comprehensive information security program, which included conducting annual comprehensive risk assessments, developing a plan for designing and implementing safeguards, performing regular security monitoring and testing, employing improved access control and account management tools, and reorganizing and segmenting its network. The company also took steps to comply with Payment Card Industry Data Security Standards. Orbitz contracted forensic investigation and cybersecurity experts to analyze the incident and eliminate vulnerabilities, and notified law enforcement to help prevent future incidents.
How do I know if I was affected?
Orbitz reached out to affected users following the data breach. If you believe you may have been affected but did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised in the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to Orbitz's data breach, please contact Orbitz's support directly.
Where can I go to learn more?
If you want to find more information on the Orbitz data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Orbitz data breach?
Twingate Team
•
May 24, 2024
In March 2018, the travel website Orbitz, owned by Expedia, experienced a data breach affecting a legacy platform. The breach occurred between October and December 2017, with unauthorized access to personal and financial data of users. The exposed information included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card data. Orbitz offered affected customers complimentary credit monitoring and identity protection services for one year.
How many accounts were compromised?
The breach impacted data related to approximately 880,000 individuals.
What data was leaked?
The data exposed in the breach included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card information.
How was Orbitz hacked?
Attackers gained access to a legacy platform of Orbitz between October and December 2017, circumventing security detection and deploying malware targeting payment cards. The breach was discovered in March 2018, and Orbitz took steps to address the issue, including contracting forensic investigation and cybersecurity experts, eliminating vulnerabilities, and notifying law enforcement. The company also offered affected individuals one year of complimentary credit monitoring and identity protection services.
Orbitz's solution
In response to the hack, Orbitz implemented a comprehensive information security program, which included conducting annual comprehensive risk assessments, developing a plan for designing and implementing safeguards, performing regular security monitoring and testing, employing improved access control and account management tools, and reorganizing and segmenting its network. The company also took steps to comply with Payment Card Industry Data Security Standards. Orbitz contracted forensic investigation and cybersecurity experts to analyze the incident and eliminate vulnerabilities, and notified law enforcement to help prevent future incidents.
How do I know if I was affected?
Orbitz reached out to affected users following the data breach. If you believe you may have been affected but did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised in the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to Orbitz's data breach, please contact Orbitz's support directly.
Where can I go to learn more?
If you want to find more information on the Orbitz data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Orbitz data breach?
Twingate Team
•
May 24, 2024
In March 2018, the travel website Orbitz, owned by Expedia, experienced a data breach affecting a legacy platform. The breach occurred between October and December 2017, with unauthorized access to personal and financial data of users. The exposed information included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card data. Orbitz offered affected customers complimentary credit monitoring and identity protection services for one year.
How many accounts were compromised?
The breach impacted data related to approximately 880,000 individuals.
What data was leaked?
The data exposed in the breach included names, genders, dates of birth, phone numbers, email addresses, physical and billing addresses, and payment card information.
How was Orbitz hacked?
Attackers gained access to a legacy platform of Orbitz between October and December 2017, circumventing security detection and deploying malware targeting payment cards. The breach was discovered in March 2018, and Orbitz took steps to address the issue, including contracting forensic investigation and cybersecurity experts, eliminating vulnerabilities, and notifying law enforcement. The company also offered affected individuals one year of complimentary credit monitoring and identity protection services.
Orbitz's solution
In response to the hack, Orbitz implemented a comprehensive information security program, which included conducting annual comprehensive risk assessments, developing a plan for designing and implementing safeguards, performing regular security monitoring and testing, employing improved access control and account management tools, and reorganizing and segmenting its network. The company also took steps to comply with Payment Card Industry Data Security Standards. Orbitz contracted forensic investigation and cybersecurity experts to analyze the incident and eliminate vulnerabilities, and notified law enforcement to help prevent future incidents.
How do I know if I was affected?
Orbitz reached out to affected users following the data breach. If you believe you may have been affected but did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised in the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to Orbitz's data breach, please contact Orbitz's support directly.
Where can I go to learn more?
If you want to find more information on the Orbitz data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions