Popular travel booking Orbitz revealed it has been the target of a major data breach.
In a statement, the Expedia-owned website confirmed it "identified and remediated a data security incident affecting a legacy travel booking platform."
The company found evidence in March that an attacker had access to its legacy systems between October and December last year.
During that period, the hacker accessed customer data from between January 2016 and December 2017. The data includes names, dates of birth, postal and email addresses, gender, and payment care information.
The attacker may have also accessed personal customer data on the company’s consumer platform between January and mid-June 2016, ZDNet reported.
About 880,000 payment cards are affected by the hack, Orbitz revealed.
The company, however, said that it has no direct evidence that said personal information was downloaded from the platform.
"We are working quickly to notify impacted customers and partners," the company said in a statement.
"We are offering affected individuals one year of complimentary credit monitoring and identity protection service in countries where available."
The company confirmed its current website was unaffected by the breach.