Sabre is looking into an "unauthorized access" incident affecting its hospitality unit's SynXis reservation system.
The acknowledgement comes in its 10-Q filing released yesterday at the same time as its first quarter earnings.
The specific paragraph relates to "contingencies/legal proceedings" and says:
"We are investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.
"The unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time.
"We have retained expert third-party advisors to assist in the investigation and are working with law enforcement.
"There is a risk that this investigation may reveal that [personally identifiable information] and [payment card industry data] or other information may have been compromised. It is not possible at this time to determine whether we will incur, or to reasonably estimate the amount of, any liabilities in connection with this incident.
"We maintain insurance that covers certain aspects of our cyber risks, and we are working with our insurance carriers in this matter."
No other specific details are available from Sabre. The cybersecurity blog which broke the story says that Sabre has brought in cybersecurity experts Mandiant to help.
The timing of the incident is also not disclosed. There is no reference to the incident in the 10-K filing which covered its 2016 financial year, so it appears as if the incident came to light during the first three months of the year.
Related reading from Tnooz:
Aviation tech heavyweights join forces on cybersecurity (April17)
Who takes responsibility for cybersecurity in a hotel? (March17)
IFEC hack spat – Panasonic denies alleged inflight security flaws (Dec16)
NBImage by Bigstock