Synopsis

In March 2018, the travel search engine and subsidiary of Expedia, Inc. disclosed that 880,000 customers who made purchases in 2016 and 2017 may have been affected by a recently discovered data breach.

A hacker had used a legacy website to gain access to payment-card and other personal information between January 2016 and December of last year. Potentially exposed personal information includes birthdays, addresses, full names, phone numbers, email addresses and gender.

The company wasn't able to confirm exactly what was taken from the platform leaving their customers unclear what form of fraud they should be diligent about. However, in an effort to maintain the trust of its customers and partners, the company is offering a year of complimentary credit monitoring and identity protection services.

The company says the data breach was discovered 1st March while auditing the platform in question and says the hackers gained access to the information between 1st October and 22nd December 2017.

Analysis performed by

Courtenay Brammar

Experienced global enterprise risk and governance professional. Previously Vice President at Morgan Stanley, Deloitte Risk Advisory practitioner and PRMIA steering committee member in both London and New York.

Additional services

We offer a range of cost-effective, fixed-price training programmes and consultant services derived from the unique insights gained from all our case study data.

If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.