U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Travel Tech Giant Sabre suffered a Data Breach, traveler data potentially at risk

Travel giant Sabre investigating a data breach that could have exposed payment and customer data tied to bookings processed through its reservations system. Another day, another data breach, this time the victim is the Travel Tech Giant Sabre that in a SEC filing confirmed it is “investigating an incident involving unauthorized access to payment information contained in a […]

Sabre

Travel giant Sabre investigating a data breach that could have exposed payment and customer data tied to bookings processed through its reservations system.

Another day, another data breach, this time the victim is the Travel Tech Giant Sabre that in a SEC filing confirmed it is “investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.”

In its SEC filing, Sabre confirmed that the attackers had been locked out of its systems, anyway we cannot exclude that crooks had accessed personally identifiable information (PII), payment card data, and other information managed by the firm.

“The unauthorized access has been shut off and there is no evidence of continued unauthorized activity,” reads a statement that Sabre sent to affected properties today. “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”

The impact of the incident could be severe, the SynXis Central Reservation product is a rate and inventory management SaaS application that is currently used by more than 32,000 hotels worldwide.

According to the popular expert Brian Krebs, the company Sabre notified the incident to law enforcement and hired the firm Mandiant to investigate the case.

“Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.” wrote Krebs.

Sabre

This isn’t the first time Sabre suffered a cyber attack, in August 2015, the travel tech giant notified a cyber attack allegedly powered by a Chinese threat actor.

In December 2016, the notorious hackers Karsten Nohl and Nemanja Nikodijevic have demonstrated that the current travel booking systems are deeply insecure, they lack cyber security by design.

The experts explained that it is quite easy to modify any passenger’s reservation, cancel their flight bookings, and even use the refunds to book tickets for themselves.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Data Breach, Sabre)

[adrotate banner=”13″]