American Express said today that it has recently been alerted by Expedia that certain customers who used Expedia’s Orbitz platform from January 1, 2016 through December 22, 2017 may have been victims of a cyber attack. The attack involved an Orbitz platform which serves as the underlying booking engine for many online travel websites, including Amextravel.com and travel booked through Amex Travel Representatives.
This was not an attack on, and did not compromise, American Express Global Business Travel or the American Express platforms that Card Members use to manage their American Express Card accounts.
As announced earlier today, Expedia has reported that certain transactions containing personal information made on the Orbitz platform during this time period may have been accessed by an attacker. Expedia also informed the company that the platform has been remediated.
American Express monitors its Card Member accounts for unusual activity and will be elevating fraud monitoring for those accounts that might have been impacted by the Orbitz attack. American Express will be reaching out to its impacted travel customers to provide additional information and support, including two years of complimentary credit monitoring and identity protection services.
As always, American Express encourages customers to monitor their card accounts, and if they see any suspicious activity, immediately contact the number on the back of their card. Card Members can enroll for alerts that will notify them of potentially fraudulent activity at americanexpress.com/alerts or through the settings on the American Express smart phone app. Notifications can be received via text messages, through push notifications via the smart phone app and email. Customers can also call the number on the back of their cards for additional support or information.