Another day, another data breach, this time the victim is the Travel Tech Giant Sabre that in a SEC filing confirmed it is “investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.”
In its SEC filing, Sabre confirmed that the attackers had been locked out of its systems, anyway we cannot exclude that crooks had accessed personally identifiable information (PII), payment card data, and other information managed by the firm.
“The unauthorized access has been shut off and there is no evidence of continued unauthorized activity,” reads a statement that Sabre sent to affected properties today. “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”
The impact of the incident could be severe, the SynXis Central Reservation product is a rate and inventory management SaaS application that is currently used by more than 32,000 hotels worldwide.
According to the popular expert Brian Krebs, the company Sabre notified the incident to law enforcement and hired the firm Mandiant to investigate the case.
“Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.” wrote Krebs.
This isn’t the first time Sabre suffered a cyber attack, in August 2015, the travel tech giant notified a cyber attack allegedly powered by a Chinese threat actor.
In December 2016, the notorious hackers Karsten Nohl and Nemanja Nikodijevic have demonstrated that the current travel booking systems are deeply insecure, they lack cyber security by design.
The experts explained that it is quite easy to modify any passenger’s reservation, cancel their flight bookings, and even use the refunds to book tickets for themselves.
(Security Affairs – Data Breach, Sabre)