[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Orbitz investigates security breach
From:       InfoSec News <isn () c4i ! org>
Date:       2003-10-30 10:02:06
[Download RAW message or body]

http://news.com.com/2100-1038-5098644.html

By Alorie Gilbert 
Staff Writer, CNET News.com
October 28, 2003

Online travel agency Orbitz has notified law enforcement authorities
about a recent security breach that has resulted in its customers'
e-mail addresses falling into the hands of spammers, an Orbitz
representative confirmed Tuesday.

"A small number of customers have informed us that they have received
spam or junk e-mail from an unknown party that apparently used
unauthorized and/or illegal means to obtain their e-mail addresses
used with Orbitz," spokeswoman Carol Jouzaitis said in a statement.  
"There is no evidence that customer password or account information
has been compromised."

Orbitz found no indication that credit card information had been
compromised, Jouzaitis added.

Orbitz became aware of the problem "in the last day or so," Jouzaitis
said.

The Chicago-based company has informed the FBI of the information leak
and has launched its own internal investigation with a team of
security experts, said Jouzaitis.

"We will aggressively pursue all individuals who may have been
involved," Jouzaitis said in her statement. She declined to provide
any further information on the nature of the breach.

Orbitz' privacy policy states that the company does not disclose
customers' personal information, including e-mail addresses, to
third-party advertisers unless customers authorize it to do so. The
company says that permission process is separate from any permissions
customers provide during the registration process.

One CNET News.com reader said spam messages began trickling in on
Sunday to an e-mail address that the reader had given only to Orbitz.  
The offending e-mail was completely unrelated to Orbitz or airline
travel, the reader said.

"I did not give them permission to share my personal data, and I did
opt out of receiving their ads during the registration process, as I
always do," said the reader, who wished to remain anonymous. "Plus,
they already admitted in their e-mails to me that they are aware that
there was a problem and that my info should not have been
divulged--now the question is: What happened and how severe of a
problem is it?"

Several other apparent Orbitz members aired similar complaints about
Orbitz and spam on Google's Usenet discussion forum and on the
BroadbandReports.com discussion board on Monday.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]