Cyber Alert: Orbitz Data Breach Affects 880,000 Credit Cards; OCR Investigating Healthcare Company’s 2016 Data Breach

March 23, 2018

This advisory contains information about the Orbitz data breach and the OCR's investigation of a healthcare company's data breach.

Orbitz Data Breach Affects 880,000 Credit Cards

On March 20, 2018, the online travel booking company Orbitz announced that 880,000 payment cards may have been compromised in a breach that occurred between January and June of 2016 (for Orbitz platform customers) and between January 2016 and December 2017 (for certain partners’ customers). The data accessed likely includes names, payment card information, birth dates, email addresses, phone numbers, and physical addresses. Upon discovering the incident, Orbitz launched an investigation to remediate the issue and quickly eliminate unauthorized access to their platform. Orbitz is offering one year of complimentary credit monitoring and identity protection services to affected customers.

Many business travel agencies, such as American Express, use Orbitz as their underlying travel booking provider, including American Express Travel. If your firm books business travel through a travel agency, ACA Aponix recommends confirming whether Orbitz was used as the underlying processor.

For more information, see the Orbitz's notice.

OCR Investigating Healthcare Company’s 2016 Data Breach

The U.S Department of Health and Human Services’ Office of Civil Rights (OCR) is investigating an Arizona-based healthcare company after the company’s 2016 data breach exposed the personal information of over 3.7 million patients, members, and beneficiaries. The incident, which began on June 17, 2016, compromised data such as names, birth dates, addresses, health insurance information, and social security numbers. After discovering the breach, the healthcare company took steps to remove the malware that led to the breach, improve their network security, and notify affected individuals. Since the breach, the company has been the recipient of 9 class action lawsuits and may be fined by OCR.

For more information, see:

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures to prevent data breaches:

  • Be wary of identity theft, scams, and inbound phone calls that reference any of this data.
  • Monitor your credit score, credit card statements, and bank accounts for any suspicious activity.
  • Place a security freeze on your credit report with credit bureaus.
  • Avoid using the exposed information as part of security validation questions.

If you have any questions, please contact your ACA Aponix consultant or email us at