FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File photo

(Reuters) - Orbitz, a subsidiary of online travel agency Expedia Inc EXPE.O, said on Tuesday that hackers may have accessed personal information from about 880,000 payment cards.

The unit said an investigation showed that the breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016 and June 22, 2016 for its consumer platform.

Information such as names, phone numbers, email and billing addresses may have been accessed, the travel website operator said, adding that its website, Orbitz.com, was not impacted.

“To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information,” Orbitz said.

For U.S. customers, social security numbers were not involved in this incident, the company said.

The company said it has addressed the breach after it was discovered in March this year.

Credit card issuer American Express Co AXP.N said in a statement that the attack did not compromise its platforms.

The breach is the latest in the travel sector and follows attacks on global hotel chain InterContinental Hotels Group Plc IHG.L and Hyatt Hotels Corp H.N last year.

Expedia’s shares fell as much as 1.9 percent to $108.99.