Between October and December 2017 travel booking website, Orbitz, experienced a data breach when their previous booking platform was accessed by an unknown party. It wasn’t until March 1st 2018 that the company recognised that there had been an issue.
The breach affected data relating to 880,000 of Orbitz’ customers, including names, payment card information, dates of birth, email addresses, physical billing addresses and phone numbers. Although, it doesn’t yet have “direct evidence” that any information was taken from the website.
Orbitz said their current website wasn’t affected but that they “took immediate steps to investigate the incident and enhance security and monitoring of the affected platform.” They also informed those affected that they will receive free credit monitoring and identity protection.
Alex Heid, White Hat Hacker and Chief Research Officer at SecurityScorecard, said in a statement:
“There has been a slowdown in breaches of this size that have been disclosed within the last few months. However, this indicates that data breaches are indeed happening constantly in 2018 and this year is likely to see more through the same attack vectors, legacy systems and third-party vendors.”
This is an example of why storing sensitive data directly on an organisation’s system can be dangerous for their customers. With increased public knowledge of data breaches, Paysafe research discovered that 55% of consumers think that “fraud is an inevitable part of shopping.”
To support organisations in protecting consumers our Web Payment services can integrate into a wide variety of online and e-commerce platforms, offering the highest level of the Payment Card Industry Data Security Standard (PCI-DSS Level 1). We ensure that the way our clients accept, process, store or transmit sensitive information is done safely and securely.
Mark Kelly, CCO UK / VP of International Sales at Key IVR comments:
“Our services integrate with all major Payment Service Providers (PSPs), by providing a secure conduit, sensitive information is never directly stored on a corporate database. If a breach or exploit was to occur, our clients would be 100% confident that sensitive card details were excluded from the scope.”
You can find out more about the breach on this website.
Find out more about our Web Payments solution.