"A small number of customers have informed us that they have received spam or junk E-mail from an unknown party that apparently used unauthorized and/or illegal means to obtain their E-mail addresses used with Orbitz," spokeswoman Carol Jouzaitis said in a statement.
There was no evidence customer password or other account information was compromised, she said.
The Chicago-based company, which says it has 18 million users, informed the FBI of the information leak and has launched its own investigation. Jouzaitis declined Wednesday to provide any further information on the breach or what sort of spam was sent.
FBI spokeswoman Cynthia Yates confirmed Orbitz's statement Wednesday.
Orbitz became aware Monday of the information leak, which so far has affected fewer than 50 customers. Jouzaitis recommended that customers who received the spam forward it to spamorbitz.com.
According to the company's policy, Orbitz does not disclose customers' personal information, including E-mail addresses, to advertisers, unless customers authorize it to do so.
Orbitz was started in June 2001 by the five largest U.S. air carriers: American, United, Delta, Northwest, and Continental.