Expedia subsidiary Orbitz said on Tuesday that about 880,000 payment cards had been impacted by a security breach that potentially exposed customers' information to hackers.
The travel booking site said an investigation determined that an attacker may have accessed personal information of people who made purchases between Jan. 1, 2016 and December 22, 2017.
The "data security incident" impacts around 880,000 payment cards, the company said in a statement.
The personal information potentially exposed includes credit card information, addresses and phone numbers of customers but not the Social Security numbers of U.S. customers, Ortbiz said. The investigation also has not found evidence of unauthorized access to passport and travel itinerary information.
Orbitz said it was working to notify impacted customers and partners.