Data Breach in Sabre: Hotel reservation information intruded

Sabre Corporation, a top notch IT solution provider for airlines and hotel companies, has revealed a breach in its hospitality solution SynXis central reservation system which may have exhibited consumers’ payment card data and personally identifiable information.

According to its quarterly reports, an unauthorized party, who gained access to payment information corresponding to a subset of hotel reservations, has accessed the SynXis software-as-a-service platform.

Sabre did not mention when or how the intrusion took place nor did it disclose the number of affected records.

The company reported that unauthorized access is now arrested and there was no evidence of continued unauthorized activity.
Also, there was no reason to believe that any other sabre systems beyond Synxis central reservations had been affected.

The SynXis Central Reservations solution gains distribution, operations, retailing and guest experience. Likewise 36,000 hotel properties depend on this technology. Recent victims include Hyatt Hotels Corp, InterContinental Hotels Group, Kimpton Hotels and Restaurants, Omni Hotels & Resorts and Rosen Hotels & Resorts.

" Sabre, like many other organizations, enables access to its system with only a username and static password, both something one knows &ndash a.k.a. single factor authentication," said McGrath in emailed comments.

" The compromised Sabre system, according to its website, offers ' seamless connectivity to over 120 property management, seven revenue management, seven CRM and 18 content management solutions,' yielding another 152 potential applications this single successful attack could expose to the cybercriminals," Hill speculated in a statement.

Tag : Breach-vulnerability
FAQ
Q
what are Four Seasons said to breach in sabre?
A
Four Seasons said this was a breach of the Sabre system and that “many” hotel properties and “travel partners” were impacted by the incident.

Sabre said the issue has been contained and that unauthorized access to the guest information is no longer possible, but that some data may have been compromised. Sabre’s own investigation of the incident didn’t show any evidence that the unauthorized party removed any information from the system, but it remains a possibility.

Four Seasons Hotels and Resorts and Trump Hotels are not the only companies to be impacted by this particular breach. A separate release issued by Sabre on July 5 noted “certain customers and partners that use or interact with Sabre Hospitality Solutions’ SynXis Central Reservations System, and noted some travel management companies and travel agencies may also have been impacted.”
Q
what sabre said to breach?
A
Sabre said the issue has been contained and that unauthorized access to the guest information is no longer possible, but that some data may have been compromised. Sabre’s own investigation of the incident didn’t show any evidence that the unauthorized party removed any information from the system, but it remains a possibility.
Q
where should the Affected customers should remain vigilant?
A
Affected customers should remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity. If you discover any suspicious or unusual activity on your accounts, be sure to report it immediately to your financial institutions and issuers of your credit or debit card, as payment card brands have rules that restrict them from requiring you to pay for fraudulent charges if they are timely reported.
Q
why data breach did not involve any systems at the Hotel or any information that guests provided to us directly?
A
We are currently working with Sabre to ensure they evaluate and improve their data security in the wake of the incident, and we are notifying affected guests about the incident so that they can take appropriate precautions. Sabre has advised us that it has already notified law enforcement, the major credit bureaus and the payment card brands about the incident.
Q
what spokesperson for Sabre told ?
A
A spokesperson for Sabre told Skift “less than 15 percent of the average daily bookings on the SynXis reservation system during that time period were viewed.”

Reservations made on FourSeasons.com, with the Four Seasons global reservations office, or made directly with any of Four Seasons’ 105 hotels or resorts were not compromised by this incident, the company said.