Skip to content

Sabre reveals big data breach on its SynXis CRS for almost seven months – Hard Rock hotel warns guests

Southlake, Texas – 8 July 2017 –
For almost seven months, from August 2017 to March 2017 payment card informations of hotel guests and other travel bookers have been stolen form SynXis CRS of Sabre, the company revealed. Hard Rock hotels warned his guests and notified, that ‚an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the reservation system.‘ All Hard Rock properties in the U.S. and in Mexico were affected.

A general consumer information site is available at http://sabreconsumernotice.com/ to support any direct consumer notice our customers might choose to make.

Sabre informed certain customers and partners since early June on this cybersecurity incident. „Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided.  Others were processed using virtual card numbers in lieu of consumer credit cards.  Personal information such as social security, passport or driver’s license number was not accessed,“ a press releases stated. „There is no indication that any other Sabre systems beyond the SHS reservation system, such as Sabre’s Travel Network and Airline Solutions platforms, were affected by the unauthorized party.“  

This incident was limited to a subset of bookings made through the SHS reservation system and accessed over a seven month period from August 2016 to March 2017.  Not all of our SHS customers had reservations that were accessed, and even for those that did have reservations that were viewed, it varied with regard to the percentage of reservations that were accessed. We have engaged Epiq Systems to provide complimentary consumer notice support for those customers that determine they have a notification obligation.  The data submitted to the SHS reservation system varied, as well as the geographic locations of both our customers and their respective guests, so we have worked to provide those Sabre customers that had reservations that were viewed with all available information to evaluate their affected reservations and customer lists.