Google employees affected by the Sabre data breach

Pierluigi Paganini July 03, 2017

Google has notified some employees that they may have been hit by the data breach suffered by travel technology firm Sabre.

In May, the Travel Tech Giant Sabre confirmed in a SEC filing it was “investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.”

The intruders gained access to the system after hijacking an internal account on the SynXis system.

“The unauthorized access has been shut off and there is no evidence of continued unauthorized activity,” reads a statement that Sabre sent to affected properties in May. “There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”

The impact of the incident could be severe, the SynXis Central Reservation product is a rate and inventory management SaaS application that is currently used by more than 32,000 hotels worldwide.

Later, the company confirmed the hackers had managed to access personally identifiable data, payment card details, and other information.

Google employees were affected by the Sabre data breach, it notified affected employees via letter, the IT giant learned of the Sabre breach on June 16 from Carlson Wagonlit Travel (CWT).

Sabre data breach

Google notified employees that their name, contact information and payment card details may have been accessed by attackers, who breached the reservations system between August 10, 2016 and March 9, 2017.

“We recently learned that certain hotel reservations made for Google business travel were
among the many reservations affected by a security incident impacting a third-party provider’s
electronic reservation system that serves thousands of travel agencies and hotels. This did not
affect Google’s systems. However, this incident impacted one of the travel providers used by
Googlers, Carlson Wagonlit Travel (CWT).” states the letter.

“Sabre’s investigation discovered no evidence that information such as Social Security, passport, and driver’s license numbers were accessed,” Google said. “However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific information associated with every affected reservation.”

To protect its employee, Google opted to offer affected ones two years of identity protection and credit monitoring services.

Google is working with CWT and Sabre to address this issue. Sabre hired cybersecurity firm Mandiant to support its investigation. The company also notified law enforcement and the payment card brands about the data breach.

“We are offering you 24 months of complimentary identity protection and credit monitoring
services. These services, described below, will be provided by AllClear ID and are available as
of the date of this notice. You can use them at any time during the next 24 months:” states Google.

Updated July 14, 2017


CWT was informed by Sabre, that some traveler data had been viewed by an outside party due to a breach of Sabre’s Hospitality Solutions / SynXis Central Reservation system (“SHS”), which provides reservations technology and support to hotels.

SHS is not a CWT technology platform or a solution used by CWT.

CWT has proactively notified potentially impacted customers and encouraged them to visit the Sabre microsite (which includes call center details):


[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Data Breach, Sabre)

[adrotate banner=”13″]

you might also like

leave a comment