Sabre, a travel industry software giant, has recently warned hotels of a data security breach. Apparently, the hackers managed to compromise its software-as-a-service reservation systems.
It is possible that payment card data, along with customers’ personal details, was stolen. It is estimated that more than 36,000 properties may have been affected.
Sabre states that the breach involved the company’s SynXis Enterprise Platform. The software is used both as a reservation and property management system. The 36,000 properties that use it include both small and large businesses.
According to the company, they are still in the process of investigating the details. In order to assist them in their investigation, they have hired FireEye’s Mandiant, and are also working with various law enforcement agencies.
Timothy Enstice, the company’s spokesman, states that the unauthorised access has been disabled and there are no signs that any unauthorised activity is still ongoing. Apart from that, they believe that there is no reason to think that any systems other than SynXis Central Reservations have been affected.
Sabre believes there is a risk the investigation will reveal that PII, PCI, or other information may have been compromised. PII stands for ‘personally identifiable information’, and PCI stands for ‘payment card industry’.
California state law indicates that PII can include the following details:
– Full name
– Email address
– Phone number
– Street address
– Social security number
– Other information
Currently, Sabre cannot provide any estimates on how much the data security breach investigation might cost.