Breach of booking giant Sabre exposes tens of thousands


A ransomware attack on Sabre has led to the sensitive personal details of a number of its employees appearing on the dark web.

More than a year after the initial attack, Sabre has started contacting individuals whose data was impacted. While the company’s breach notification letters do not explicitly indicate the perpetrators, the timeline provided lines up with the Dunghill Leak attack against Sabre.

Sabre is a US-headquartered travel tech behemoth and a major supplier of air passenger and booking data. The company's services are employed by over 400 airlines and tens of thousands of travel agencies in over 200 countries and territories.

ADVERTISEMENT
jurgita Niamh Ancell BW Ernestas Naprys Paulius Grinkevicius
Be the first to know and get our latest stories on Google News

According to Sabre’s breach notification letter, on September 6th, 2023, the company learned that some of its employee data had been compromised by an “unauthorized party.” On the very same day, the media reported that the Dunghill Leak ransomware group stole 1.3 terabytes of data from the company.

“[...] in some instances [the data] was posted on the dark web in a series of posts concluding in October 2023,” Sabre informed individuals whose data was exposed over a year ago.

As with many companies faced with a similar situation, the travel tech giant hired third-party forensic providers to assess the impact of the breach. A subsequent investigation revealed that a copious amount of private sensitive data of its employees was exposed, including:

  • Names
  • Social Security numbers
  • Dates of birth
  • Employment related information
  • Financial account numbers
  • Passports, driver’s licenses, or national ID numbers
  • Signatures

According to information the company submitted to the Maine Attorney General, the cyberattack exposed the details of nearly 30,000 people.

Malicious actors could use leaked details for nefarious purposes, such as identity theft, targeted scams, or spearphishing campaigns. To assist individuals whose data was exposed last year, the company said it will offer 24 months of complementary identity protection services.

After the initial reports about the attack became public, Sabre said that no customer data was exposed. However, the company was also breached back in 2017, when attackers managed to access “payment card information for hotel reservations, including cardholder name; payment card number; card expiration date; and, for a subset of reservations, payment card security code.”

ADVERTISEMENT

Sabre reported a revenue of nearly $3 billion in 2023, with over 6,000 employees in its books.