Sabre issued the following statement regarding a cybersecurity incident first disclosed on May 2, 2017:
Since June 6, Sabre has notified and been working with certain customers and partners that use or interact with Sabre Hospitality Solutions’ (SHS) SynXis Central Reservations system (SHS reservation system) about our previously disclosed incident of unauthorized access. Some travel management companies (TMCs) and travel agencies that booked travelers that may have been affected have also been notified about the incident, although those TMCs and other parties do not use or interact with the Sabre SynXis system. Our investigation is complete and we have determined that an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system.
Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided. Others were processed using virtual card numbers in lieu of consumer credit cards. Personal information such as social security, passport or driver’s license number was not accessed. Sabre has notified law enforcement and the credit card brands as part of our investigation.
There is no indication that any other Sabre systems beyond the SHS reservation system, such as Sabre’s Travel Network and Airline Solutions platforms, were affected by the unauthorized party. We have taken successful measures to ensure this unauthorized access to the SHS reservation system was stopped and is no longer possible. Our investigation did not uncover forensic evidence that the unauthorized party removed any information from the system, but it is a possibility.
This incident was limited to a subset of bookings made through the SHS reservation system and accessed over a seven month period from August 2016 to March 2017. Not all of our SHS customers had reservations that were accessed, and even for those that did have reservations that were viewed, it varied with regard to the percentage of reservations that were accessed. We have engaged Epiq Systems to provide complimentary consumer notice support for those customers that determine they have a notification obligation.
Full Article: https://goo.gl/hZW9GX