The Hard Rock Hotels and Casinos as well as luxury hotel chain Loews Hotels were among the organisations affected by the Sabre data breach. The breach involved hackers allegedly breaking into the Sabre Hospitality Solutions (SHS) SynXis, an inventory management software that is reportedly used by almost 500 hospitality firms.
Hard Rock confirmed that 11 of its properties, including the Hard Rock Hotel and Casino Las Vegas and the Hard Rock Hotel Cancun, were affected by the breach. The chain said in a statement that as part of the breach, hacker/hackers gained access SynXis account credentials, which in turn allowed the attackers to access some users' unencrypted payment card data and reservation information.
"Following an examination of evidence, Sabre alerted Hard Rock Hotels & Casinos on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the reservation system. The investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017," Hard Rock said in its statement.
Loews Hotels reportedly began warning customers affected by the breach.
"We have determined that an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system," Sabre said in a statement. "Our investigation did not uncover forensic evidence that the unauthorized party removed any information from the system, but it is a possibility."
"Personal information such as social security, passport or driver's license number was not accessed. Sabre has notified law enforcement and the credit card brands as part of our investigation," Sabre added.
Timothy Enstice, a spokesman for Sabre told Threatpost that 15% of the average daily bookings on the SynXis system were viewed.
Last week, a letter sent to Google employees revealed that some of them may also have been affected by the breach.
It remains unclear as to how many people were affected by the breach.