Expedia Inc.’s EXPE -0.63% Orbitz subsidiary disclosed Tuesday it has discovered a possible data breach affecting thousands of customers on one of its older sites and an unnamed partner platform.
The breach is estimated to have affected about 880,000 payment cards.
The travel-booking site operator said that during an investigation of an older Orbitz platform it found that a hacker may have accessed consumer data late last year and it is working to notify those who may be affected. The breach didn’t affect the new Orbitz.com, the company said.
The hacker could have had access to data on purchases made between January 2016 and December of last year, including birthdays, addresses, full names and payment card information. The company said that so far there is no evidence that passport or travel itinerary information was accessed and that it doesn’t keep social security information on U.S. customers on its platform.
The company is offering those affected by the breach one year of free credit monitoring.
It is unclear if any of the data was taken from the platform.
Orbitz’s disclosure is the latest announcement from a company involving a breach of sensitive consumer data. Lawmakers have begun to push for tighter regulations regarding when companies have to report potential hacks following incidents at Whole Foods, Sonic Corp. and most notably Equifax Inc. late last year.
Expedia’s shares fell 0.6% to $110.47 during morning trading.
Write to Imani Moise at firstname.lastname@example.org