Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that are used by customers to book their travel plans was hacked.

The statement says that Orbitz uncovered evidence earlier this month that an attacker had access to the legacy system between October and December of 2017, and the information of travel booking customers was compromised if they made any purchases through the legacy website between January of 2016 and December of 2017. The compromised information included these customers’ names, addresses, dates of birth, email addresses, gender, telephone number, and payment card information.

Orbitz confirmed that 880,000 consumers were affected by the attack, although it says there is no evidence that the personal information of these customers was “downloaded” from the platform. Nonetheless, Orbitz is offering affected individuals free credit monitoring and identity protection services.