SABRE SAID IT has plugged the data leak in its online reservation system. The company discovered evidence of a breach in May, and alerted customers their guests’ payment card information may have been accessed over an eight-month period.
It eventually found an unauthorized party accessed payment card information “for a limited subset of hotel reservations” on the company’s SynXis Central Reservations system over an eight-month period from August 2016 to March 2017. During that time, the unauthorized viewing included less than 15 percent of the average daily bookings on the SynXis Central Reservation System. Sabre’s system is used by more than 32,000 hotels worldwide.
So far, hotel companies impacted by hack have been identified as Hard Rock Hotels, Trump Hotels, Four Seasons Hotels & Resorts, Red Lion Hotels Corp. and Kimpton Hotels & Restaurants.
Google has also been victimized as employees were notified their personal financial data may have been accessed. Google said it learned of the breach in mid-June from Carlson Wagonlit Travel, which Google uses to book travel for its employees. Sabre said in a statement that some travel management companies have been impacted.
Not every hotel under the companies’ umbrellas have been hacked, nor was every reservation, Sabre said. “Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided. Personal information such as social security, passport or driver’s license number was not accessed,” Sabre said. “Our investigation did not uncover forensic evidence that the unauthorized party removed any information from the system, but it is a possibility.”
The company said it has blocked further access by the unauthorized party. The hotel companies have notified guests who made reservations on the SynXis system during the time of the breach to monitor their payment cards and bank accounts for suspicious activity.
RLHC said reservations at its Americas Best Value Inn, Canadas Best Value Inn, Jameson, Lexington, Signature Inn, Country Hearth, 3 Palms and America’s Best Inns properties were affected. Hard Rock said reservations at its Hard Rock Hotel Chicago, Hard Rock Hotel & Casino Biloxi in Mississippi, Hard Rock Hotel Cancun in Mexico, Hard Rock Hotel & Casino Las Vegas, and Hard Rock Hotel Palm Springs and Hard Rock Hotel San Diego in California were affected by the breach. Kimpton, Trump Hotels and Four Seasons did not specify which of its properties were involved.
Sabre has established a general consumer information site at http://sabreconsumernotice.com/.