Guests at some of the world’s biggest hotels have had their personal data and card information exposed after a third-party booking company suffered a data breach.
Sabre Hospitality Solutions was breached between 10 August 2016 and 9 March 2017. During this time, an unauthorized party compromised Sabre’s SynXis reservations system, gaining access to payment card information and reservation details, including names, email addresses, and phone numbers.
The affected hotels were: Four Seasons, Trump Hotels, Kimpton Hotels, Red Lion, the Rosewood Hotel Group, Hard Rock Hotels, and Loews. The incident did not affect bookings made directly through these hotels’ websites.
Sabre downplays the incident
Although Sabre’s systems were exposed for seven months, the company downplayed the damage. A Sabre spokesperson told travel industry news site Skift that “less than 15 percent of the average daily bookings on the SynXis reservation system during that time period were viewed.”
Regardless, the hotels in question each have dozens of locations across the globe, so this incident will almost certainly have affected many people.
Sabre began working with a cybersecurity firm in July to help investigate the incident, and has notified law enforcement and major credit card brands. Affected customers have been notified by the hotels themselves.
Protect your customers
Hotels are notorious for data breaches. This is the third time Trump Hotels has been breached in the past two years, and it’s the second breach for Kimpton Hotels. InterContinental, Mandarin Oriental, Hilton, and White Lodging have reported data breaches since 2015.
Even if the hotels weren’t directly to blame, the number of data breaches may leave customers fearing the worst when they make reservations.
You can protect your company and ease any doubt your clients may have by implementing the requirements of the Payment Card Industry Data Security Standard (PCI DSS). Compliance with the Standard can be challenging, so we offer a PCI DSS Documentation Toolkit to help.
The toolkit provides a complete set of easy-to-use, customizable and fully PCI-compliant documentation, helpful project tools to ensure complete coverage of the Standard, and direction and guidance from a leading PCI Qualified Security Assessor.