October 28, 2003 6:35 PM PST

Orbitz investigates security breach

Online travel agency Orbitz has notified law enforcement authorities about a recent security breach that has resulted in its customers' e-mail addresses falling into the hands of spammers, an Orbitz representative confirmed Tuesday.

"A small number of customers have informed us that they have received spam or junk e-mail from an unknown party that apparently used unauthorized and/or illegal means to obtain their e-mail addresses used with Orbitz," spokeswoman Carol Jouzaitis said in a statement. "There is no evidence that customer password or account information has been compromised."

Orbitz found no indication that credit card information had been compromised, Jouzaitis added.

Orbitz became aware of the problem "in the last day or so," Jouzaitis said.

The Chicago-based company has informed the FBI of the information leak and has launched its own internal investigation with a team of security experts, said Jouzaitis.

"We will aggressively pursue all individuals who may have been involved," Jouzaitis said in her statement. She declined to provide any further information on the nature of the breach.

Orbitz' privacy policy states that the company does not disclose customers' personal information, including e-mail addresses, to third-party advertisers unless customers authorize it to do so. The company says that permission process is separate from any permissions customers provide during the registration process.

One CNET News.com reader said spam messages began trickling in on Sunday to an e-mail address that the reader had given only to Orbitz. The offending e-mail was completely unrelated to Orbitz or airline travel, the reader said.

"I did not give them permission to share my personal data, and I did opt out of receiving their ads during the registration process, as I always do," said the reader, who wished to remain anonymous. "Plus, they already admitted in their e-mails to me that they are aware that there was a problem and that my info should not have been divulged--now the question is: What happened and how severe of a problem is it?"

Several other apparent Orbitz members aired similar complaints about Orbitz and spam on Google's Usenet discussion forum and on the BroadbandReports.com discussion board on Monday.


Join the conversation!
Add your comment
security and privacy issues are major legal risks for all companies now, as the grow in size and clout they become even bigger targets with a big red bullseye painted on their backs
Posted by robertrowshan (29 comments )
Reply Link Flag
It is now common to hear these security breaches every time now !
But the thing is it is real pain to the customers so companies have to keep these things in their higher priority list to keep the information of their customers private.me myself doing this with my website "http://www.stlucia.cc"
Posted by Robertwadra (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.