Online travel agency Expedia Inc.'s unit Orbitz identified a possible data breach that may have affected 880,000 payment cards, Reuters reported March 20.
Hackers reportedly may have gained access to information such as names, addresses and phone numbers of customers, but not the social security numbers of U.S. customers, the news outlet said.
The breach could have taken place between Jan. 1, 2016, and Dec. 22, 2017, for the partner platform, and between Jan. 1, 2016, and June 22, 2016, for the consumer platform, and had been addressed since its discovery in March, according to the report.
"To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information," Reuters reported, citing the travel booking site. Expedia reportedly said it has fixed the breach.
In a press release, American Express Co. said the attack involved an Orbitz platform that serves as the booking engine for many online travel websites, including Amextravel.com and travel booked through Amex Travel Representatives. Expedia told the company that the platform has been remediated.
American Express said the attack did not compromise its American Express Global Business Travel and the American Express platforms.