Orbitz, a subsidiary of Expedia, has revealed that the consumer data of up to 880,000 payment cards may have been accessed by a hacker.

Discovery of the possible data breach occurred as Orbitz was investigating an older platform; the new Orbitz.com platform does not appear to be affected.

The Wall Street Journal reports, “The hacker could have had access to data on purchases made between January 2016 and December of last year, including birthdays, addresses, full names and payment card information.” The good news, according to the Wall Street Journal, is that the company reports that passport or travel itinerary information does not seem to have been compromised. And, the platform does not store social security information on U.S. customers.

Get the full story at the Wall Street Journal.