Over the past few days, there has been news on how private data was passed on to a data analytics company, Cambridge Analytica by Facebook. This has begun a huge brawl on social media on data protection and how laws concerning data protection should be more stringent. Yesterday, an online travel agency, Orbitz, disclosed that their systems had been hacked. The hackers managed to get both credit card data and some personal information from users who made travel purchases on the site between 1 January 2016 and 22nd December 2017. In total, the company says, that’s about 880,000 payment cards that were accessed.
The hackers also likely accessed other data, like names, physical or mailing addresses, birth dates, email addresses, phone numbers and the customer’s gender while they were in the systems between October and December 2017. It’s unclear whether the hackers also downloaded this data. In a statement, though, Orbitz told us that it has found no “direct evidence that this personal information was actually taken from the platform.”
Orbitz, which has been part of the Expedia empire of travel sites since it was acquired in 2015, says that it has updated its security posture since discovering the breach on March 1. The company also notes that its current site is not affected by this breach and that it brought in third-party experts and a forensic investigation firm, as well as law enforcement, to “eliminate and prevent unauthorized access to the platform.”
While this breach isn’t at the level of the giant Equifax and Yahoo hacks, here is yet another company that couldn’t keep your data safe. Indeed, at this point, you can pretty much assume that all of your personal data and likely your passwords and credit cards, too, are up for sale in one of the darker parts of the internet.
This article was first published on techcrunch.