
Orbitz, AmEx Travel and the new normal of data breaches

John Egan

Is a data breach followed by an offer of free credit monitoring the “new normal” for credit card holders?

Yes, and that’s unfortunate. What’s worse is we’re becoming immune to these data breaches.

The news: An Orbitz data breach exposed the credit card numbers and other personal information of 880,000 customers, and American Express emailed within hours that I, as an American Express Platinum cardholder, may be among those affected.

How Orbitz and AmEx are related: The Orbitz platform hit in the cyberattack is the underlying booking engine for and for AmEx Travel representatives who handle bookings by phone.

The details: The travel company says it discovered the hack March 1, and the breach apparently happened between Oct. 1 and Dec. 22, 2017.

The cyberattack struck both Orbitz and partners like American Express. If someone booked directly on Orbitz between Jan. 1 and June 22 of 2016, their information might now be in the hands of hackers. For customers of partners like American Express, that window is Jan. 1, 2016, to Dec. 22, 2017.

It just so happens that I made a hotel booking through during that time period, so I might be a victim.

Information that may have been exposed in the breach

American Express and Orbitz tell me the following information might have been exposed in the data breach:

  • Full name.
  • Credit card data.
  • Email address.
  • Phone number.
  • Physical address, billing address or both.

Well, that’s unsettling.

Thankfully, the hack didn’t compromise personal data like my Social Security number, passport information or travel itineraries, according to the American Express email.

Nonetheless, some hacker out there has plenty of information about me — information that I suspect other hackers have previously stolen.

Another day, another data breach

Unfortunately, I’ve become almost immune to notifications like this from credit card companies and merchants. It’s an all-too-common occurrence.

As with so many of these occurrences, American Express extended an offer of two years’ worth of free credit-monitoring and identity protection services. (Orbitz is offering one year of complimentary credit monitoring and identity protection services.)

And American Express told me they’ve boosted their fraud-monitoring activity on affected accounts.

And reminded me that I’m not responsible for fraudulent charges that show up on my Platinum card.

And suggested that I report suspected fraud involving the Platinum card.

And recommended that I sign up for alerts that tip me off about potential fraud.

“Affected customers should remain vigilant in regularly reviewing and monitoring all of their account statements and credit history to guard against any unauthorized transactions or activity,” Orbitz says in its notice about the data breach.

Orbitz adds that affected customers should check their credit reports, providing the names and contact information for the three credit-reporting bureaus.

The moral of this story: Guard your card data

Don’t get me wrong: I appreciate American Express (and, by association, Orbitz) notifying me about the cyberattack and how to respond to it. I expect that kind of transparency. Plus, American Express’s message did ease my mind a bit by reporting that the company’s own platforms were not compromised.

But amid a seemingly growing string of breaches and hacks related to credit cards, it’s hard for me to be alarmed. Nowadays, such incidents do not feel out of the ordinary.

Sadly, these incidents feel like the “new normal.” Orbitz says it “regrets any inconvenience caused by this incident” — a phrase that mirrors so many others expressed in the aftermath of such incidents.

All that being said, none of us can let our guard down when it comes to protecting the security of our credit card information. Every one of us who has a credit card now is a cybercop, of sorts.
