Corporate travel company Sabre suffered a cybersecurity incident, first revealed in May, and this week the firm provided an update on the situation.
In an announcement Thursday (July 6), Sabre said it is working directly with certain clients and partners using Sabre Hospitality Solutions' SynXis Central Reservations System, the target of an apparent breach. Travel management companies and agencies using the platform have been notified by the company if they were potentially affected by the incident.
“Our investigation is complete, and we have determined that an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system,” the company’s announcement stated.
Sabre did note, however, that the travel reservations made on the platform, and the cards used to pay for them, didn’t all include the card’s security code; other bookings were made with virtual card numbers, which are not the same as the card numbers of the payer.
The firm said it notified law enforcement and the credit card brands as part of its overall investigation and added that there was no evidence that any systems other than its SHS reservation system were affected.
“We have taken successful measures to ensure this unauthorized access to the SHS reservation system was stopped and is no longer possible,” Sabre said. “Our investigation did not uncover forensic evidence that the unauthorized party removed any information from the system, but it is a possibility.”
The breach occurred for reservations made between August 2016 and March 2017, the firm said.
“The Sabre team sincerely regrets this incident, and we appreciate the support and collaboration our partners have shown during this investigation,” it concluded. “Our industry, like many, faces ever-increasing cybersecurity threats that require strong partnerships across the travel ecosystem. Sabre will continue to take strong measures to protect the interests of our customers and the traveling public.”