The interconnectivity of our cyber technology can be both a blessing and a curse. It allows us to integrate many different technologies and tools together, but it can also result in various indirect breaches. There have been numerous incidents of third party breaches that result in peripheral organizations being affected as well. For instance, there are third party vendors that will host databases for other organizations, but if this third party is breached, it can result in these databases being exposed. A recent cyber attack like this involved a hotel reservation system, and it resulted in some Google employee’s personal information being exposed.
The How the Breach Occurred
The breach had nothing to do with Google’s security measures but involved a travel and reservations platform. Google commonly uses a service called Carlson Wagonlit Travel (CWT) to book work related hotel reservations for its employees, but the direct breach was not of CWT either. The initial attack was upon Sabre Hospitality Solutions, a company that develops a reservation platform called SynXis Central Reservation System, which is employed by tens of thousands of hotels around the planet. It allows for many different travel agencies to make various hotel reservations. Google sent a letter to their employees notifying them that the perpetrator was able to obtain information including payment card details and contact data. The hacker had been able to access the systems from August 10, 2016, to March 9, 2017. Sabre had begun to notify various affected travel agencies of the incident, and CWT, in turn, began notifying their customers, which included Google.
Google is addressing the incident by offering two years of free credit monitoring and identity protection to their affected employees but had also advised them to keep a watch over their reports. As it stands, this could be considered to be a minor breach for Google, as they have not been subject to a massive breach like several other large tech companies, such as Yahoo. Though, this is not the first time that Google employee information was compromised from a third party vendor.
Those who had used a travel agency within the above dates should check with the agency to see if they were part of the breach. If so, they should begin to watch their credit reports for any potentially suspicious activity. Cyber criminals do not always use stolen data right away. They may hunker down and wait to use it when the theft is not being focused on as much. Some attackers may not even use it themselves, but rather sell it on the black market for other criminals to use for their own malicious purposes.
Cyber Security in the Travel and Hospitality Industry
Travel and hospitality continue to be one of the most heavily targeted industries for cyber attacks, likely for the large amounts of personal data that these organizations can hold. Not only may they have a person’s name, payment information, and contact details, but they could also have passport and driver’s license information in some cases. Hackers can employ a multitude of different methods to breach travel and hospitality organizations, which is why these businesses need to ensure that they have proper security in place to prevent attacks. There are many tools and services that an organization can implement to better fortify themselves in the cyber realm. Massive Alliance’s cyber security offerings can help travel and hospitality organizations to bolster themselves against the threat landscape.