The Expedia-owned travel booking site says personal information like names, birth dates and billing addresses may have been accessed.
Travel booking site Orbitz said Tuesday that a possible security breach it discovered earlier this month may have exposed information tied to about 880,000 payment cards.
The company said the incident, discovered March 1, involved an older travel booking platform where information may have been accessed between October and December of last year.
Around 880,000 payment cards were affected. The attacker may have accessed personal information such as customers' full names, birth dates, phone numbers, email addresses and billing addresses. The company said it doesn't have "direct evidence" the information, tied to purchases made between January 2016 and December 2017, was taken from the site.
Last year was a big year for cybersecurity breaches, with credit monitoring firm Equifax reporting a data leak that hit around half the US population and Yahoo saying all 3 billion of its accounts were affected in a 2013 incident.
Orbitz said it worked with cybersecurity experts and law enforcement and "took swift action to eliminate and prevent unauthorized access to the platform" once it found evidence of a possible breach.
The company, which is owned by Expedia, said the current site, Orbitz.com, wasn't affected. Orbitz said it's notifying customers and business partners about the incident and is offering a year of free credit monitoring.
"Ensuring the safety and security of the personal data of our customers and our partners' customers is very important to us," the company said in a statement. "We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners."
CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.
Rebooting the Reef: CNET dives deep into how tech can help save Australia's Great Barrier Reef.