Sabre Discloses Data Breach of Card Details at its Hotels

Sabre the giant in travel industry encountered a leak from its hotel reservation mechanism. Cyber-criminals had compromised its software, apparently causing exposure of the payment card information of a large number of guests.

The mechanism at Sabre which was hacked was utilized within over 32,000 hotels as well as guest houses. With its headquarters within Southlake, Texas, the Sabre hotel chain acknowledged the hacking incident within one quarterly filing that was made with United States SEC.

Earlier this week, Sabre publicly said within the Securities and Exchange Commission (SEC) filing about an investigation it was conducting of the data hack pertaining to payment details associated with certain reservations treated and confirmed via the SynXis system it operated for hotel bookings. According to Sabre, the unlawful admission into the system was shut off, while little evidence thereafter existed regarding uninterrupted unlawful activity.

Meanwhile, Sabre has requested Mandiant an intermediate cyber-security company to help it for investigating the hacking incident. The investigation thus far shows that besides SynXis Central Reservations system of Sabre no other has been affected. Sabre, moreover, has already notified law enforcement.

Prominent hotels which encountered payment card hacks during 2016 as KrebsOnSecurity stated are Trump Hotels, Kimpton Hotels, White Lodging, Mandarin Oriental and Hilton. Card hacks as well occurred for hospitality chains such as Hyatt and Starwood Hotels.

Generally, cyber thugs implanted malware on POS devices operated in bars and restaurants of the hotel groups. The malware often is planted through remote administration tools that have been hacked. After cyber criminals load their wares onto the POS machines they, via remote way, steal info from the cards swiped through those machines.

Centrify, a specialist in identity access management explains that the Sabre data hack once more shows how password-based safeguard is vulnerable. Yet again it reminds about the risk associated with depending on passwords thought to prevent unauthorized access to organization servers, data and applications. Itwire.com posted this online dated May 4, 2017.

The dual-factor-validation, states Centrify, is most appropriate to thwart most hacks which are aimed at company employees, particularly staff having plenty of access to data.

» SPAMfighter News - 5/8/2017