Company Details
expedia
None employees
234
5615
expedia.com
0
EXP_2829882
In-progress

Expedia Company CyberSecurity Posture
expedia.com
Expedia is one of the world's leading full-service travel brands, helping travelers get the most out of every trip they take by making the travel process seamless. With Expedia, travelers can plan and book flights, hotels, vacation packages, and car rentals in one complete marketplace. Expedia offers intelligent tools, personalized recommendations, and a booking experience that saves you money – making it easier to explore the world. Use our mobile app or visit www.expedia.com to start your next adventure. Why choose Expedia? Expedia is your all-in-one travel shop, providing access to a large inventory of flights, hotels, vacation packages, activities and car rentals, with savings for every part of your trip. Our smart recommendation and comparison tools make for thoughtful travel planning. And with Expedia, you can bundle now or later and still get savings towards your trip, for a travel planning experience that moves with you. For Partners: Expedia connects travel businesses with millions of engaged travelers worldwide. Our partner solutions help hotels, airlines, and service providers grow bookings, optimize visibility, and deliver exceptional guest experiences. Expedia is the flagship travel brand of Expedia Group.
Between 750 and 799

Expedia Global Score (TPRM)XXXX

Description: Orbitz, a subsidiary of online travel agency Expedia Inc EXPE.O, said hackers may have accessed personal information from about 880,000 payment cards. The breach had occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016, and June 22, 2016, for its consumer platform. Information such as names, phone numbers, email and billing addresses have been accessed. For U.S. customers, social security numbers were not involved in this incident, the company said. The company said it has addressed the breach after it was discovered in March this year. Credit card issuer American Express Co AXP.N said in a statement that the attack did not compromise its platforms. Expedia’s shares fell as much as 1.9 percent to $108.99.
Description: On March 2, 2022, Expedia Group, Inc. disclosed a data breach that occurred on March 24, 2021, impacting three individuals whose credit card information was potentially compromised. The incident was categorized under the type 'Other' in the breach classification. While the scale of the breach was limited, affecting only a small number of customers, Expedia responded by offering 12 months of identity theft protection services through its Expedia IdentityWorks program to mitigate potential risks. The breach did not involve large-scale data exfiltration, systemic financial fraud, or broader reputational damage beyond the immediate notification and remediation efforts. No evidence suggested the compromised data was used for fraudulent activities, and the company’s operational continuity remained unaffected. The incident primarily highlighted vulnerabilities in payment data security, though the impact was confined to a minimal subset of users without escalating into wider systemic consequences.
Description: Nearly 300,000 Israelis' personal information was made public by an Iranian hacker organization targeting websites for Israeli travelers. The compromised information includes ID numbers, addresses, credit card details, and more from Israeli travel sites. More than 20 travel-related websites were compromised, including hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il, and danhotels.com. Data breach letters were sent to all affected individuals, asking them to be alert.


No incidents recorded for Expedia in 2025.
Expedia cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Expedia is http://www.expedia.com.
According to Rankiteo, Expedia’s AI-generated cybersecurity score is 786, reflecting their Fair security posture.
According to Rankiteo, Expedia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Expedia is not certified under SOC 2 Type 1.
According to Rankiteo, Expedia does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Expedia is not listed as GDPR compliant.
According to Rankiteo, Expedia does not currently maintain PCI DSS compliance.
According to Rankiteo, Expedia is not compliant with HIPAA regulations.
According to Rankiteo, Expedia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Expedia operates primarily in the Travel Arrangements industry.
The employee count for Expedia is not available in this profile (listed as None).
Expedia presently has no subsidiaries across any sectors.
Expedia’s official LinkedIn profile has approximately 234 followers.
Expedia is classified under the NAICS code 5615, which corresponds to Travel Arrangement and Reservation Services.
No, Expedia does not have a profile on Crunchbase.
Yes, Expedia maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/expedia.
As of December 22, 2025, Rankiteo reports that Expedia has experienced 3 cybersecurity incidents.
Expedia has an estimated 4,816 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy (sent data breach letters to all affected and asked them to be alert) and remediation measures (offered 12 months of identity theft protection via Expedia IdentityWorks).
Title: Orbitz Data Breach
Description: Hackers may have accessed personal information from about 880,000 payment cards.
Date Detected: March 2018
Type: Data Breach

Title: Data Breach of Israeli Travel Websites
Description: Nearly 300,000 Israelis' personal information was made public by an Iranian hacker organization targeting websites for Israeli travelers.
Type: Data Breach
Attack Vector: Website Hacking
Threat Actor: Iranian Hacker Organization

Title: Expedia Group Data Breach (2021)
Description: The Maine Office of the Attorney General reported that Expedia Group, Inc. announced a data breach potentially affecting the credit card information of 3 individuals. Identity theft protection services were offered for 12 months through Expedia IdentityWorks.
Date Detected: 2022-03-02
Date Publicly Disclosed: 2022-03-02
Type: Other
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Names, Phone numbers, Email addresses, Billing addresses
Payment Information Risk: Payment card information

Data Compromised: ID numbers, Addresses, Credit card details
Systems Affected: hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il, danhotels.com

Data Compromised: Credit card information
Identity Theft Risk: Yes (protection services offered)
Payment Information Risk: Yes
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Phone Numbers, Email Addresses, Billing Addresses, Payment Card Information, ID Numbers, Addresses, Credit Card Details and Credit Card Information.

Entity Name: Orbitz
Entity Type: Subsidiary
Industry: Online Travel Agency
Customers Affected: 880000

Entity Type: Travel Websites
Industry: Travel
Location: Israel
Customers Affected: 300000

Entity Name: Expedia Group, Inc.
Entity Type: Corporation
Industry: Travel & Hospitality
Location: Seattle, Washington, USA
Customers Affected: 3

Communication Strategy: Sent data breach letters to all affected and asked them to be alert.

Remediation Measures: Offered 12 months of identity theft protection via Expedia IdentityWorks

Type of Data Compromised: Names, Phone numbers, Email addresses, Billing addresses, Payment card information
Number of Records Exposed: 880000
Personally Identifiable Information: names, phone numbers, email addresses, billing addresses

Type of Data Compromised: ID numbers, Addresses, Credit card details
Number of Records Exposed: 300000
Personally Identifiable Information: ID numbers, addresses

Type of Data Compromised: Credit card information
Number of Records Exposed: 3
Sensitivity of Data: High
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offered 12 months of identity theft protection via Expedia IdentityWorks.

Regulatory Notifications: Maine Office of the Attorney General

Source: Orbitz Disclosure

Source: Maine Office of the Attorney General
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Orbitz Disclosure and Maine Office of the Attorney General.
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders as follows: sent data breach letters to all affected and asked them to be alert.

Customer Advisories: Offered 12 months of identity theft protection via Expedia IdentityWorks
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: offered 12 months of identity theft protection via Expedia IdentityWorks.
Last Attacking Group: The attacking group in the last incident was an Iranian Hacker Organization.
Most Recent Incident Detected: The most recent incident detected was in March 2018.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-03-02.
Most Significant Data Compromised: The most significant data compromised in an incident were names, phone numbers, email addresses, billing addresses, ID numbers, addresses, credit card details and credit card information.
Most Significant System Affected: The most significant systems affected in an incident were hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il and danhotels.com.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were ID numbers, email addresses, credit card details, credit card information, billing addresses, phone numbers, names and addresses.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.2K.
Most Recent Source: The most recent sources of information about an incident are Orbitz Disclosure and Maine Office of the Attorney General.
Most Recent Customer Advisory: The most recent customer advisory issued was: Offered 12 months of identity theft protection via Expedia IdentityWorks.