There’s been yet another major data protection breach, this time involving Orbitz – a subsidiary of Expedia Inc – who say that the data of some 880,000 accounts may have been compromised in a cyber-hack.
Earlier this month, travel site Orbitz determined that an attacker may have accessed data stored on a computer system used by consumers, and accessed a separate tool used by businesses. It’s believed that data submitted in 2016 was exposed, but the discovery of the breach only happened in March this year, meaning data may have been exposed for a prolonged period of time.
It’s believed that hackers may have been able to access the data for more than 880,000 accounts, making this a monumental data protection breach. Data that is thought to have been potentially compromised in the breach includes personal information submitted by users in 2016, such as:
- Full names
- Phone numbers
- Addresses
- Email addresses
- Credit card information
- Birth dates
Combinations of the above are clearly enough for people to fall victim to fraud, especially where credit card information is said to have been exposed as well. We are still hearing about people falling victim to fraud involving the TalkTalk brand, and we understand that the cause of the breach may be, once again, down to outdated systems.
The breach is thought to have possibly occurred sometime between October 2017 and December 2017, meaning victims of the breach have been unknowingly exposed for a considerable period of time. Further, Orbitz did not announce the breach until the 20th March, despite reportedly discovering the breach on March 1st.
Orbitz has faced understandable criticism for being slow to publicise the breach.
It doesn’t help that the breach appears to have been discovered several months after the event. There may already be people who have fallen victim to fraud as a result of any information possibly gleaned from the Orbitz data protection breach.
At this stage, we just don’t know.
In the month that has seen the Tesco credit card issue, the separate Tesco / Travelex breach, the Trusted Quid breach and the Facebook data exposure, we’re left wondering whether our data can ever be safe in the hands of third-party organisations. With the new GDPR coming into force in May, organisations will be facing far greater penalties and fines for any failure to comply with important data protection legislation.
It really is a case of shape-up now, or face consequences that could cripple your business for good.