Travel booking website Orbitz has announced that it discovered a potential data breach that exposed information for thousands of customers, as reported by Engadget. The incident, discovered by the company on March 1st, may have exposed information tied to about 880,000 credit cards.

The consumer data in question is from an older booking platform, where information may have been accessed between October and December 2017. Orbitz partner platform data, such as travel booked via Amex Travel, submitted between January 1st, 2016 and December 22nd, 2017 may have also been compromised. The Expedia-owned company says that names, payment card information, dates of birth, email addresses, physical billing addresses, gender, and phone numbers may have been accessed, but it doesn’t yet have “direct evidence” that any information was taken from the website.

There have been many mass data breaches over the past year: OnePlus said up to 40,000 customers were affected by a breach in January that resulted in the company temporarily shutting down credit card payments for its online store, a Verizon partner data breach exposed millions of customer records, a Yahoo breach impacted all 3 billion user accounts, and 143 million people had personal information stolen from Equifax. Even Chipotle experienced a malware that stole customer credit card information from restaurants in every state the chain operates in.

Orbitz said it worked with a forensic investigation firm, cybersecurity experts, and law enforcement once the breach was discovered in order to “eliminate and prevent unauthorized access to the platform.” The company says its current site, Orbitz.com, wasn’t affected. It is notifying customers who may have been impacted and is offering a year of free credit monitoring.