AG Josh Shapiro reaches settlement with Expedia and Orbitz in 2018 data breach

Attorney General Josh Shapiro announced on Friday, he reached a settlement with two online travel reservation companies after they potentially exposed information of thousands of people, including Pennsylvanians.

The settlement follows an investigation led by Deputy Attorney General Timothy R. Murphy, into a data breach in 2018 involving Orbitz and its parent company, Expedia.

In March of that year, Orbitz announced the breach may have exposed data for nearly 21,000 customers in Pennsylvania, including 880,000 payment cards globally.

“Someone broke into Orbitz’ IT system and vacationed in what was supposed to be a safe place for travelers. The breach showed the company’s promise to keep customer information secure was more like a leaky boat,” AG Josh Shapiro said. “We work every day to protect Pennsylvania consumers and to seek justice when any company misrepresents itself.”

According to AG Shapiro, Expedia and Orbitz will have to pay $110,000 for Orbitz’ misleading customer privacy policy and failing to practice Expedia’s data security policies.

Read the story here