Travel Technology Company Sabre Suffers a Vast Data Breach
Table of Contents
- By Steven
- Sep 15, 2023
Sabre is a huge technology company that serves as a powerful travel reservation system for many of the major hotels and airlines in the United States. The company handles huge volumes of data during its daily duties and is responsible for maintaining accurate booking data for all these different travel companies. Sabre was recently the victim of a data breach, putting all that data at risk potentially.
How Did the Attack Occur?
We don't know the specifics about how the ransomware gang Dunghill Leak Group was able to infiltrate Sabre's databases and gather a substantial number of files, but this appears to be what occurred. We suspect the attackers either gathered company access credentials through phishing attacks or there is a weak spot in Sabre's security that enabled direct access without credentials. Either way, Dunghill is reporting that it's stolen vast amounts of information from Sabre. The breach appears to be very recent since some of the data displayed inside the stolen databases is as recent as July 2023.
What Information Was Viewed or Stolen?
According to the Dunghill Leak Group, the organization that claimed to be behind the breach at Sabre, the company captured approximately 1.3 terabytes of information. Among the stolen information were employees' personal data, financial information for the company, ticket sales information, and passenger turnover data. All these different data pieces create a harmful cluster of stolen data that could be used to launch cyber attacks on the employees or the company. Dunghill posted a small sample of the stolen files as proof, though there is no way to verify that the attackers have the sheer volume of files they claim to have. TechCrunch put up screenshots displaying the alleged stolen files, and the visual evidence shows a few different database names related to booking and billing information. Some of the databases contain tens of millions of separate records.
How Did Sabre Admit to the Breach?
Sabre released a statement explaining that it's investigating the claims its data networks have been breached and that large volumes of data have been stolen. The company responded to an email inquiry asking about the incident. It stated that it was aware of the data breach claims and that a full investigation is occurring to determine if the claims are valid and how much total data was accessed in the breach if so.
What Will Become of the Stolen Information?
With the way that the ransomware gang is displaying the stolen Sabre data, it will likely attempt to collect a ransom payment from Sabre. If Sabre doesn't agree to make a payment, the gang will likely try and sell the information to another group or individual. Hackers often resell stolen information to other attackers who are prepared to misuse the information in different ways. If that data is the result, it will be used to launch identity theft attacks and phishing attacks and to attempt to obtain money from the victims involved in the breach.
What Should Affected Parties Do in the Aftermath of the Breach?
If you are notified that your information was involved in the Sabre breach, you can take a few steps to help protect your data. First, you should always get a credit report to see if anything changes you didn't expect. After you verify your credit reports for each of the three bureaus, you can move on to either putting a freeze on your credit or investing in credit monitoring services for added protection. You should also watch your financial accounts closely and avoid giving away passwords or personal information via email, text message, or over the phone. Even emails that seem official are often fake, and simply designed to collect your data.