[ISN] Orbitz investigates security breach

From: InfoSec News (isn@private)
Date: Thu Oct 30 2003 - 02:02:06 PST

  • Next message: InfoSec News: "Re: [ISN] Security audit"

    http://news.com.com/2100-1038-5098644.html
    
    By Alorie Gilbert 
    Staff Writer, CNET News.com
    October 28, 2003
    
    Online travel agency Orbitz has notified law enforcement authorities
    about a recent security breach that has resulted in its customers'
    e-mail addresses falling into the hands of spammers, an Orbitz
    representative confirmed Tuesday.
    
    "A small number of customers have informed us that they have received
    spam or junk e-mail from an unknown party that apparently used
    unauthorized and/or illegal means to obtain their e-mail addresses
    used with Orbitz," spokeswoman Carol Jouzaitis said in a statement.  
    "There is no evidence that customer password or account information
    has been compromised."
    
    Orbitz found no indication that credit card information had been
    compromised, Jouzaitis added.
    
    Orbitz became aware of the problem "in the last day or so," Jouzaitis
    said.
    
    The Chicago-based company has informed the FBI of the information leak
    and has launched its own internal investigation with a team of
    security experts, said Jouzaitis.
    
    "We will aggressively pursue all individuals who may have been
    involved," Jouzaitis said in her statement. She declined to provide
    any further information on the nature of the breach.
    
    Orbitz' privacy policy states that the company does not disclose
    customers' personal information, including e-mail addresses, to
    third-party advertisers unless customers authorize it to do so. The
    company says that permission process is separate from any permissions
    customers provide during the registration process.
    
    One CNET News.com reader said spam messages began trickling in on
    Sunday to an e-mail address that the reader had given only to Orbitz.  
    The offending e-mail was completely unrelated to Orbitz or airline
    travel, the reader said.
    
    "I did not give them permission to share my personal data, and I did
    opt out of receiving their ads during the registration process, as I
    always do," said the reader, who wished to remain anonymous. "Plus,
    they already admitted in their e-mails to me that they are aware that
    there was a problem and that my info should not have been
    divulged--now the question is: What happened and how severe of a
    problem is it?"
    
    Several other apparent Orbitz members aired similar complaints about
    Orbitz and spam on Google's Usenet discussion forum and on the
    BroadbandReports.com discussion board on Monday.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Oct 30 2003 - 04:32:25 PST