An Orbitz spokesperson said the platform in question was part of Orbitz when it was acquired by Expedia Inc. in 2015. Orbitz has since migrated to the Expedia platform, which was not affected by the breach. An attacker could have had access to full name, payment card information, date of birth, phone number, email address, physical address and gender, but Orbitz said "to date, we do not have direct evidence that this personal information was actually taken from the platform." No evidence was found of unauthorized access to other data, like itinerary or passport information. Get the full story at Travel Weekly