On Tuesday, Expedia announced that one of its subsidiary companies might have been hacked.

There is a high possibility that the online travel booking platform Orbitz.com might have been compromised in early 2016, and again right before Christmas of 2017. According to a statement released by Expedia earlier this week, cybercriminals might have had access to sensitive information of roughly 880,000 people between Jan. 1, 2016, through June 22, 2016; and Oct. 1, 2017, to Dec. 22, 2017.

After an internal investigation, the Chicago-based travel platform known for its travel metasearch engine discovered the breach on March 1st. Even though the investigation did not confirm, nor deny that information has been stolen, they said it is likely that the exposed data might have included user details such as full names, dates of birth, credit card information, phone numbers, gender, email and billing addresses. Social security numbers and travel document information such as numbers of passports, drivers licenses, and ID card are not known to have been stolen.

The cyber-attack has affected Orbitz’s partners too – users using Orbitz-powered sites such as American Express’s Amextravel.com have also been affected. Luckily, American Express stated American Express Global Business Travel and all platforms that manage credit-card accounts haven’t been compromised. Expedia is still investigating the cyber break-in and has hired a forensic investigative firm and multiple cybersecurity experts. They are also working closely with government law enforcement agencies.

Ensuring the safety and security of the personal data of our customers and our partners’ customers is very important to us,” said Orbitz spokesperson in a statement. “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.

Expedia is currently contacting affected customers and confirmed that the travel company will be providing free one-year access to credit monitoring and identity theft solutions to almost everyone. US travelers who have used the platform since Jan 1st, 2016 can also call 1-855-828-3959 in the U.S. or 1-512-201-2214 outside the U.S. should they require any additional information.

What should you do?

If you’ve used Orbitz.com in 2016 and 2017, we advise you to contact your credit card company and request a credit card replacement. Even if you feel you have not been affected, taking advantage of the complimentary 1-year credit monitoring and identity theft subscription might be a good idea too. And last but not least, we strongly advise you to install anti-virus software on all your connected devices. Cybercriminals are capable of successfully attacking not only large corporations such as Orbitz or Equifax but regular folks too – be prepared and don’t let hackers come after you or your loved ones.

Download your Antivirus