Sabre's investigation into a credit card data breach in its SynXis hotel reservations system found that it was contained to "a limited subset of hotel reservations," but an unauthorized party did have access to credit card numbers, expiration dates and cardholder names.

Sabre first announced the data breach in May. Since then, the company said it has been working with its customers and partners that use or interact with the system. Some TMCs and travel agencies who may have booked affected travelers have also been notified about the incident, but Sabre said they do "not use or interact with the Sabre SynXis system."

According to Sabre, there was "no indication" that other systems outside of SynXis Central Reservations were affected. They did, however, find that the unauthorized party accessed the information over the course of seven months, from August 2016 to March 2017.

About 36,000 hotels use the SynXis reservations system.

According to the consumer website Sabre has set up about the incident, the unauthorized party was able to access cardholder names, payment card numbers, card expiration dates, card security codes for some, and, in some cases, guest name, email, phone number and address.

"Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided," Sabre's statement said. "Others were processed using virtual card numbers in lieu of consumer credit cards. Personal information such as social security, passport or driver's license number was not accessed."

Since the breach was discovered, Sabre said it has taken steps to end the unauthorized access and ensure it is no longer possible. Law enforcement and the credit card companies were also notified. While no evidence was found that the unauthorized party removed information from the system, Sabre did say it is a possibility.

"Not all of our SHS customers had reservations that were accessed, and even for those that did have reservations that were viewed, it varied with regard to the percentage of reservations that were accessed," the statement said.

Sabre said it regrets the incident, and "our industry, like many, faces ever increasing cybersecurity threats that require strong partnerships across the travel ecosystem. Sabre will continue to take strong measures to protect the interests of our customers and the traveling public."

Comments
JDS Travel News JDS Viewpoints JDS Africa/MI