Some of Google employees' private and financial data may have been exposed after a travel agency that handles all of the tech giant's travel bookings was affected by a separate breach of the SynXis customer reservation system. Google notified its employees and the state of California about the breach, adding that hackers stole names, contact details and card data used to make hotel bookings for the company's staff.
The stolen data was not accessed directly from Google, nor does it appear to be a targeted attack on the company. The data was stolen earlier this year when the Sabre Hospitality Solutions SynXis reservation system was compromised. Carlson Wagonlit Travel (CWT) handles all of Google's business trip bookings and although the breach did not happen at the firm, its data was among that was accessed.
"Sabre notified CWT, which uses the SynXis CRS, that an unauthorised party gained access to personal information associated with certain hotel reservations made through CWT," Google told its staff in a letter. "CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travelers were affected."
(CWT later clarified that it does not use SynXis CRS. See update below.)
"Sabre's investigation discovered no evidence that information such as Social Security, passport, and driver's licence numbers were accessed. However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific information associated with every affected reservation," Google added in its letter to its workers.
As a result of the breach, Google is now offering its employees two years worth of free "identity protection and credit monitoring services". The company also urged its staff to stay vigilant against potential fraud and identity thefts.
After publication of this article, CWT released a statement to IBTimes UK, saying it did not use the SynXis reservation system, which is at the heart of the breach. However the firm stated that it has "proactively notified potentially impacted customers".
"CWT was informed by Sabre that some traveller data had been viewed by an outside party due to a breach of Sabre's Hospitality Solutions / SynXis Central Reservation system ("SHS"), which provides reservations technology and support to hotels," CWT said in a statement. "SHS is not a CWT technology platform or a solution used by CWT."
(This article was updated to clarify that CWT does not use SynXis CRS and that its systems were not hacked.)