Travel giant Sabre investigating a data breach that could have exposed payment and customer data tied to bookings processed through its reservations system.
Another day, another data breach, this time the victim is the Travel Tech Giant Sabre that in a SEC filing confirmed it is “investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.”
In its SEC filing, Sabre confirmed that the attackers had been locked out of its systems, anyway we cannot exclude that crooks had accessed personally identifiable information (PII), payment card data, and other information managed by the firm.
“The unauthorized access has been shut off and there is no evidence of continued unauthorized activity,” reads a statement that Sabre sent to affected properties today. “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”
The impact of the incident could be severe, the SynXis Central Reservation product is a rate and inventory management SaaS application that is currently used by more than 32,000 hotels worldwide.
According to the popular expert Brian Krebs, the company Sabre notified the incident to law enforcement and hired the firm Mandiant to investigate the case.
“Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.” wrote Krebs.
This isn’t the first time Sabre suffered a cyber attack, in August 2015, the travel tech giant notified a cyber attack allegedly powered by a Chinese threat actor.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.