Expedia Group, Inc.

On March 2, 2022, Expedia Group, Inc. disclosed a data breach that occurred on **March 24, 2021**, impacting **three individuals** whose **credit card information** was potentially compromised. The incident was categorized under the type '**Other**' in the breach classification. While the scale of the breach was limited—affecting only a small number of customers—Expedia responded by offering **12 months of identity theft protection services** through its **Expedia IdentityWorks** program to mitigate potential risks. The breach did not involve large-scale data exfiltration, systemic financial fraud, or broader reputational damage beyond the immediate notification and remediation efforts. No evidence suggested the compromised data was used for fraudulent activities, and the company’s operational continuity remained unaffected. The incident primarily highlighted vulnerabilities in payment data security, though the impact was confined to a minimal subset of users without escalating into wider systemic consequences.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/9a23a6fa-b5d3-4521-a318-7f507985e950.shtml

TPRM report: https://www.rankiteo.com/company/expedia

"id": "exp1014091725",
"linkid": "expedia",
"type": "Breach",
"date": "3/2021",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': 3,
                        'industry': 'Travel & Hospitality',
                        'location': 'Seattle, Washington, USA',
                        'name': 'Expedia Group, Inc.',
                        'type': 'Corporation'}],
 'customer_advisories': ['Offered 12 months of identity theft protection via '
                         'Expedia IdentityWorks'],
 'data_breach': {'number_of_records_exposed': 3,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['credit card information']},
 'date_detected': '2022-03-02',
 'date_publicly_disclosed': '2022-03-02',
 'description': 'The Maine Office of the Attorney General reported that '
                'Expedia Group, Inc. announced a data breach potentially '
                'affecting the credit card information of 3 individuals. '
                'Identity theft protection services were offered for 12 months '
                'through Expedia IdentityWorks.',
 'impact': {'data_compromised': ['credit card information'],
            'identity_theft_risk': 'Yes (protection services offered)',
            'payment_information_risk': 'Yes'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'remediation_measures': ['Offered 12 months of identity theft '
                                       'protection via Expedia IdentityWorks']},
 'title': 'Expedia Group Data Breach (2021)',
 'type': 'Other'}

Expedia Group, Inc.

Coupang: Coupang hit with shareholder class action in US over data breach response

Sentry Advisors and LLC: Sentry Advisors Data Breach Exposes Names & SSNs

PornHub: Pornhub data breach: Hackers steal premium user activity logs