A padlock sits atop a gold credit card

A recent data breach left 880,000 Orbitz customers vulnerable to identity theft and credit card fraud. Hackers gained access to information entered into third-party websites from January 1, 2016 to December 22, 2017. This information potentially included credit card numbers, names, addresses, and dates of birth. Fortunately, no Social Security Numbers or passport information was compromised.

How Did Orbitz Get Hacked?

Orbitz suspects that the data breach occurred between October 1, 2017 and December 22, 2017, but it wasn’t discovered until March 1, 2018. Guy Podjarny, chief executive officer of the security company Snyk, says that this is likely because “most big tech companies have a string of legacy systems, often built with minimal security. The people who wrote those systems have long since left the company, making these poorly-monitored systems a liability.” In other words, the cyber security or tech divisions of big companies aren’t always able to monitor the security of data influx and outflow, which leaves your information vulnerable.

This hack could have been prevented by either a well-structured tech division or by the decentralization of data. Decentralization stores user information on user devices and no data is kept within companies’ databases. Many large companies are opting for decentralized data to avoid being culpable in cases of identity fraud and credit card fraud.

Decentralization might not be so necessary if this Orbitz hack was an isolated incident, but it is not. In 2017, a breach of the website belonging to the credit reporting agency Equifax gave hackers sensitive information for over 150 million Americans. A 2013 hack of Yahoo left the user information of 3 billion people vulnerable — and it wasn’t discovered until 2017. Chipotle was attacked by Malware in early 2017 which stole the credit card information of a number of visitors to every restaurant. Six million Verizon customers had their user information exposed in 2017, only a year after Verizon Enterprise Solutions was hacked. And already in 2018, 40,000 credit cards numbers have been exposed by a OnePlus hack.

As a way to make up for the hack of their users’ information, Orbitz is offering free credit monitoring and identity protection services for one year to those affected. Although it wasn’t Orbitz’s current website that was accessed, the hackers did penetrate a system used by Orbitz customers and another used by businesses. Information entered into Orbitz’s partner platform Amex Travel may also have been accessed. Orbitz has employed a forensic team, cyber security professionals, and law enforcement members to help discover the source of the attack. The company is also working to prevent such an attack from happening again in the future.

How Do I Know if My Information was Among the Stolen Data?

If you used Orbitz between January of 2016 and December of 2017, it’s likely that they’ve contacted you if your data was stolen. However, this is not a guarantee, and it’s unclear if Equifax, Chipotle, Verizon, Yahoo, or OnePlus made the same strides to contact users about the vulnerability of their data. Additionally, there are a number of smaller breaches of user data all the time that don’t make the news, and large breaches often aren’t discovered for months or even years.

Fortunately, there are resources available to help you determine if your data has been exposed. Security researcher Troy Hunt has built a website that helps you determine if your information has been accessed during any of these recent breaches. Information in this article also outlines steps to determine if your credit information has been stolen and how to repair your credit after identity theft.

Build My Scores also offers credit monitoring and credit repair services. These will help you determine if your credit has been compromised, boost your score, and prevent credit card fraud and identity theft in the future.