Sabre Corporation Suffer Data Breach That Potentially Affected 36,000 Properties

Media Division | May 3, 2017

The hotel industry has shown to be an extremely large target for cyber attackers.  In fact, several hotels have already been hit this year, not to mention those of previous years.  For instance, there was the large Intercontinental Hotels Group breach last month.  These organizations hold a wide range of personal and financial information of a multitude of people, which is extremely valuable to cyber criminals.  The most recent example of a hotel industry attack was upon Sabre Corporation, a technology solution provider for hotel and airlines and operator of a large travel marketplace.

The Vector of Attack

On Tuesday, Sabre had filed their quarterly report to the U.S. Security and Exchange Commission, in which they had acknowledged the fact that there had been unauthorized access to their Synxis Central Reservation system. This system is employed at around 36,000 locations, and the breach allowed access to payment information contained in a subset of hotel reservations.  Those using this software include global hospitality chains, as well as independent operations.  There has not been much additional information in regard to the breach beyond that, such as the source, method, or extent of it. Though, while they do not have any definitive evidence, they suspect it may have been accomplished through co-opted employee credentials.  “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected,” Sabre said in a statement to affected locations. “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”

How Sabre Addressed the Breach

Sabre’s response to the breach has seemed to be quite appropriate.  They had quickly notified authorities of the incident, as well as hired FireEye’s Mandiant forensics division to investigate the breach.  Mandiant has not released any further information regarding the incident at this time.  A data breach can result in a large amount of initial damage, but it can be further perpetuated when it is not properly mitigated or addressed.  It appears that Sabre has been taking the correct actions to ensure that the incident is definitively addressed. In fact, many organizations will go quite some time before even announcing a breach or notifying those affected.  The proper handling of a breach can allow an organization to recover from it, but conversely, a negligent approach can cause an organization to tank in certain cases.

Mitigating Cyber Attacks with Data Breach Solutions

Unfortunately, cyber attacks are much more common than they have ever been.  The wide use of technology in our society has offered a large amount of potential attack vectors for malicious criminals to illicitly access systems and networks.  Because of the widespread prominence of cyber attacks, comprehensive cyber security is a matter of absolute necessity.  Far too many organizations lack in this area because they assume or hope that they will not be the target of an attack, but this is often not the case.  Even small organizations tend to be heavily targeted by attackers because of their lacking security. When an attack does happen to be successful, an organization needs to be able to react quickly and effectively to mitigate it using data breach solutions.  This includes addressing the immediate security hole, alerting those affected, and tracing and eliminating the threat where possible.  Massive Alliance provides data breach solutions that can help an organization to properly remediate and recover from a breach.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.