Reservation System Breach Affects Hard Rock Hotels & Casinos, Loews HotelsAlong with death and taxes, data breaches are one of the only constants in this technology-driven world. As hackers target bigger fish, breaches in the retail and hospitality industries are becoming extremely common, meaning that more recent data breaches affect larger pools of people. In this blog post, we’re talking about the SynXis system hack which affected multiple hotel chains using Sabre Hospitality Solutions’ reservation system.

Sabre Hospitality Solutions says an unauthorized party accessed its systems

What happened: A number of hotels use third-party reservation and payment systems to run their businesses, and Sabre, which serves over 36,000 hotels and lodging services, is a giant among these third-party services. Back in May, during its quarterly filing with the Security Exchange Commission, Sabre disclosed that it was “investigating an incident of unauthorized access.” The breach specifically affected its SynXis Central Reservation System, potentially putting any hotel and lodging companies using this system at risk. There is no indication, though, that any of Sabre’s other systems and services were impacted. After its investigation, Sabre announced on July 5 that it determined the breach occurred over a seven-month period, from August 2016 and March 2017. Despite the duration of the breach, Sabre says that only a subset of reservations processed were affected. Even among this subset, not all transactions included credit card security codes, and the company claims that some of its bookings were processed with virtual credit card numbers, which are one-time credit card numbers used to conceal a consumer’s true credit card number. However, in other cases, thieves might have gained access to credit card numbers, guest names, emails, phone numbers, address and other information. Social Security numbers, passports or drivers licenses were not accessed.

Who is affected: While the subset of customers identified through Sabre’s investigation are the only known victims so far, a handful of hotels have publically issued statements mentioning their usage of SynXis and explaining that they have customers who might have been directly affected by the breach.

What Sabre is doing about it: Sabre has been working with a noted cybersecurity company and began notifying potential victims ever since it had a preliminary information on the breach earlier in June. Sabre also seems to have notified specific business partners, like Hard Rock Hotels & Casinos as well as Loews Hotels. In turn, these business partners are elaborating on the potential implications this breach may have on their customers. Beyond this, Sabre says is monitoring the situation to ensure there is no more unauthorized access into its systems.

Hard Rock Hotels & Casinos and Loews Hotels address customers about breach

This month, both Hard Rock and Loews reported that Sabre reached out to them to notify them of the SynXis breach. Of the hotels reporting they were affected, Hard Rock Hotels & Casinos and Loews Luxury Hotels are among the largest chains to fall victim to the breach. That said, there appear to be other breach victims, including 14 locations of Trump Hotels, a hotel brand that’s fallen victim to data breaches before. While neither Hard Rock, nor Loews stated that their internal systems were compromised, since both chains use SynXis, any Hard Rock or Loews customers who stayed at certain hotels between August 2016 and March 2017 may be impacted. To help identify victims of the breach, Hard Rock released a list of impacted hotels and Loews also released a list of impacted hotels. If you stayed in an impacted hotel, be sure to check your credit card statement and report any unfamiliar charges immediately, check your credit reports to confirm no new accounts were opened in your name and consider investing in an identity theft protection service, as it will help you keep track of who may or may not have your personal information.

Something for all consumers to keep in mind

Because of the ubiquity of data breaches, you might become numb to their presence. Rather than ignore the news of new breaches, you should understand that breaches are an unfortunate, but regular aspect of the modern world. While you don’t have to see breaches as an inevitable, you can and should take some steps to protect your personal information, so if a breach does happen, you can rest easy knowing that you’re protected. You can start by regularly monitoring your credit reports as well as your credit card and bank account activity. Additionally, you can opt to proactively protect your credit by placing a credit freeze or fraud alert on your reports. Not sure which is best for you? Our guide to credit freezes and fraud alerts can help you decide.

To keep up with the latest technology and cybersecurity news, continue reading our identity theft protection blog.