Orbitz 880K credit card breach highlights IT's need to protect legacy systems

In the breach, a hacker was able to access two years' worth of customer data.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Travel site Orbitz discovered a possible data breach affecting 880,000 customer payment cards.
  • The Orbitz breach, wherein a hacker accessed two years' worth of data, highlights the need for IT to prioritize securing legacy systems.

Travel booking site Orbitz was potentially affected by a data breach that could have put 880,000 customer payment cards at risk, the company disclosed in a statement Tuesday.

A hacker accessed two years' worth of data, including names, birthdates, home addresses, email addresses, and gender information, as reported by our sister site ZDNet. According to the statement, Orbitz has remediated the incident, but the full impact is not yet known.

And where exactly did the attacker gain access to this customer data? It wasn't the current Orbitz.com website, according to the statement, but older legacy systems owned by the company.

Today's IT environment is often a mix of new and old, as modern architectures and systems keep businesses on the cutting edge, while older tools often provide a foundation for data and applications. However, that combination also introduces serious risk.

Legacy systems are a reality in most IT environments, but they are also connected to a host of data breaches in the financial sector, healthcare industry, and more. The recent Orbitz data breach is further evidence that enterprise IT must focus more of its efforts on securing legacy systems and protecting the data they hold.

Even though high-profile breaches, like the one seen at Equifax, seem more common every day, these breaches still have a massive impact on a company's bottom line. According to Ponemon data, data breaches can lead to increased customer churn and lower stock prices.

In addition to the brand impact and loss of customer trust, there are also financial consequences. Kaspersky Lab data from late 2017 pegged the cost of the average enterprise data breach in North America at $1.3 million.

So, how does one stay safe? For starters, always update and patch systems to account for any known flaws. Also, as noted by TechRepublic writer Scott Matteson, companies must determine all relevant laws and regulations, analyze their security tools for weaknesses, have an incident response plan, identify key personnel and responsibilities, and engage in continuous training and education.

If a company is breached, it should follow these steps within the first 48 hours to start the mitigation process.
