data breach solicitors
, ,

Expedia data breach – have your bank details been exposed?

As news reports everywhere discussed the ins and outs of the Facebook/Cambridge Analytica scandal, another data breach was uncovered last month. But, because the details aren’t as juicy as those in the Facebook case, it didn’t quite get as much coverage. So you might not have heard about it.

But, for victims of the Expedia data hack – which may have revealed the information on thousands of payment cards – the consequences could be even worse. So, what exactly happened, and can you make a data protection act compensation claim if your details are at risk?

Expedia data breach – what happened?

In March, travel fare aggregator Orbitz revealed that between January 2016 and December 2017, hackers gained access to users’ personal information. This included names, phone numbers, emails and billing addresses. Orbitz, which is owned by Expedia, offers booking options and deals on flights, accommodation and holiday activities.

The hack, which is believed to have accessed 80,000 accounts wasn’t discovered until March 2018, which left plenty of time for cybercriminals to put this information to illegal use.

A statement by Orbitz said: “To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information.”

However, that data that has been accessed is extremely personal and could cause serious damage and distress for victims.

Should you be worried?

The information accessed in the Expedia data hack is enough to leave victims open to fraud. So, if you have been affected, you are right to worry about what could happen if this data gets into the wrong hands. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that your data has been used by criminals following a data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Don’t be fobbed off!

To help protect users, Orbitz has said those affected can access a year of free credit monitoring and identity protection services. But, given the amount of time that has lapsed between the breach and its discovery, this could be too little too late.

Also, while we do recommend using these types of services – particularly following a data breach – you should make sure that by agreeing to any free offers, you are not inadvertently signing away you rights to make a data protection act compensation claim.

Can you make a data protection act compensation claim?

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. You can claim against a wide range of private organisations and businesses already fined by the Information Commissioner’s Office (ICO).

As such, if you want to hold Expedia to account we recommend that you inform the ICO about your concerns ASAP.

You can do this here.

However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation, So, you should also contact us to claim data protection act compensation.

Start your data protection act compensation claim
At Hayes Connor Solicitors, we make sure you receive the maximum compensation possible in the shortest possible time for any financial, medical harm, anguish and anxiety caused by a data breach. We will also let you know when your claim for data protection act compensation can be made and advise you on what to do while waiting for the investigation’s findings.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.