Approximately 880,000 card details may have taken flight.

The personal information of approximately 880,000 holidaymakers may have been compromised after details emerged of a hack against popular travel booking website, Orbitz.

Issuing a security alert yesterday, the Expedia subsidiary said it discovered evidence that an attacker may have accessed customer payment card and other information stored on one of its legacy platforms.

Chicago-based Orbitz said the breach took place between January 1, 2016, and December 22, 2017. The current Orbitz.com website was not involved in the incident, the company said.

Given the two-year window of opportunity, Orbitz said approximately 880,000 payment cards were potentially compromised, along with customer names, dates of birth, phone numbers, email and physical addresses, and gender.

“As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement, and took swift action to eliminate and prevent unauthorized access to the platform,” the company said.

Orbitz is offering affected individuals one year of complimentary credit monitoring and identity protection service in countries where available.