As many as 880,000 customers of Orbitz may have had personal information compromised in a security breach, the online travel booking site warns.
Orbitz on March 1 determined that an attacker may have accessed information stored on a computer system used by consumers and a separate tool used by businesses, the Expedia (EXPE) subsidiary said on Tuesday.
The attacker potentially accessed Orbitz users full names, credit card information, dates of birth, phone numbers and addresses provided in travel purchases between Jan. 1, 2016, and June 22, 2016, Orbitz said, noting that the consumer platform that was breached is no longer in use.
The breach of business partner ata involved purchases made between Jan. 1, 2016, and Dec. 22, 2017.
"The attack involved an Orbitz platform which serves as the underlying booking engine for many online travel websites, including Amextravel.com and travel booked through Amex travel representatives," American Express (AXP) said in a statement.
The company's investigation has so far not uncovered any evidence that passport and travel itinerary information had been accessed, said Orbitz, which is offering those impacted a year of free credit monitoring.