Sabre disclosed in an SEC filing this week that it is
investigating a data breach of payment information for some reservations processed
through its SynXis hotel reservations system.
About 36,000 hotels use the SynXis reservations system.
"The unauthorized access has been shut off, and there
is no evidence of continued unauthorized activity at this time," Sabre
said in the filing.
Sabre said it is working with a third-party cybersecurity
firm, Mandiant, in its investigation of the incident. Law enforcement has been
notified, and "there is no reason to believe that any other Sabre systems
beyond SynXis Central Reservations have been affected."
The company also said it is notifying its customers about
the investigation.
In its SEC filing, Sabre stated that personally identifiable
information and payment card data might have been compromised in the breach.
"It is not possible at this time to determine whether
we will incur, or to reasonably estimate the amount of, any liabilities in
connection with this incident," the SEC filing said. "We maintain
insurance that covers certain aspects of our cyber risks, and we are working
with our insurance carriers in this matter."
The breach at Sabre comes on the heels of a data breach at
InterContinental Hotels Group that may have affected more than 1,100 hotels.