A global travel technology company has confirmed a breach has affected at least some of the many bookings that passed through its reservations system.
Sabre Corp., whose Global Distribution System helps travel agents around the world arrange bookings with more than 400 airlines, 220,000 hotels, 42 car rental companies, 38 rail providers, and 17 cruise lines, filed a quarterly report with the United States Securities and Exchange Commission (SEC) on 2 May.
In its filing, the Southlake, Texas-based technology corporation revealed it’s currently investigating an incident by which an unauthorized party gained access to some of the bookings that passed through its SynXis Central Reservations system.
This solution is deployed at more than 32,000 properties, according to Sabre’s marketing literature.
It’s not clear what caused this unauthorized access at this time.
Sabre says there’s a chance the attackers exposed and/or stole customers’ personally identifiable information (PII), payment card information (PCI), and other details. With 32,000 locations potentially affected, the magnitude of this breach could be huge. The company is therefore not ruling out the possibility of incurring liabilities as a result of this incident.
Sabre is in the process of responding to the breach. As it explains in its filing:
“The unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time. We have retained expert third-party advisors to assist in the investigation and are working with law enforcement.”
Security blogger Brian Krebs notes the company is working with Mandiant, a well-known security firm whose CEO found himself targeted by computer criminals back in 2013.
By no means is this the first breach to strike the hospitality industry. Credit-card stealing malware struck the Hyatt, Marriott, Sheraton, Hilton, and Starwood hotel chains back in 2015. As a result, travelers are all too familiar with this type of incident.
For those who could find themselves on the receiving end of a bookings breach notification for the first time, they should carefully watch their credit reports for signs of fraud. They should also contact Sabre with any questions they might have.
As it learns more about the incident, the company will no doubt be able to help answer customers’ questions and provide a more accurate picture of whom the breach likely affected.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.