Let’s just say it’s not exactly smooth sailing right now for the online travel and vacation booking company Orbitz. The subsidiary of Expedia revealed last week that one of its websites has been hacked, exposing credit card and personal info of nearly 900K customers. Talk about a bad vacation.

The incident occurred somewhere between October 2016 and December 2017 and the data pirates made away with critical customer information including full names, credit card information, dates of birth, phone numbers and addresses. There is a bright spot though since it’s been confirmed that social security information was not exposed. The company says it has reinforced its cybersecurity program and that customers of the current Orbitz.com are safe.

Customers that bought travel during the affected dates are advised to monitor their credit card statements and report anything suspicious.