As many as 800,000 payment cards used on Orbitz.com in 2016 may have been breached, Orbtiz’s parent company Expedia said Tuesday.

The online travel agency reported two separate data disclosures.

An attacker may have accessed customers’ personal information for some purchases made on Orbitz.com between Jan. 1, 2016, and June 22, 2016.

In addition, customer information from multiple travel sites that used Orbitz as their booking engine was possibly compromised between Jan. 1 2016, and Dec. 22, 2016.

One of the affected sites was American Express, which in a statement said it was contacting the affected customers.

The breach affected Amextravel.com and travel booked through Amex Travel Representatives. American Express Global Business Travel and the AmericanExpress.com website were not affected, the company said.

https://www.usatoday.com/story/tech/2018/03/20/800-000-orbitz-cards-compromised-breached/442277002/