Data Breach at Sabre Hits Four Seasons and Other Hotels

Four Seasons Hotels and Resorts and Trump Hotels are the latest hotel companies to go through a data security breach, although this time the breach took place via their third-party hotel reservations provider, Sabre.

[Editor's Note: Other hotels impacted by the data breach as of July 17 now include Kimpton Hotels & Restaurants and Red Lion Hotels Corporation.]

The period during which the breach took place was from August 10, 2016 to March 9, 2017. During this time, guest information related to a subset of hotel reservations (unencrypted payment card information, reservation information) booked through Sabre's SynXis central reservations system was accessible by an unauthorized party.

SynXis handles hotel reservations made by consumers not just through hotels, but also through online travel agencies.

A spokesperson for Sabre told Skift "less than 15 percent of the average daily bookings on the SynXis reservation system during that time period were viewed."

Reservations made on FourSeasons.com, with the Four Seasons global reservations office, or made directly with any of Four Seasons' 105 hotels or resorts were not compromised by this incident, the company said.

Likewise, the breach related to Trump Hotels did not take place on Trump Hotels' own reservations systems.

Four Seasons said this was a breach of the Sabre system and that "many" hotel properties and "travel partners" were impacted by the incident.

Sabre said the issue has been contained and that unauthorized access to the guest information is no longer possible, but that some data may have been compromised. Sabre's own investigation of the incident didn't show any evidence that the unauthorized party removed any information from the system, but it remains a possibility.

Four Seasons Hotels and Resorts and Trump Hotels are not the only companies to be impacted by this particular breach. A separate release issued by Sabre on July 5 noted "certain customers and partners that use or interact with Sabre Hospitality Solutions' SynXis Central Reservations System, and noted some travel management companies and travel agencies may also have been impacted."

The unauthorized party in this data breach accessed payment card information for certain hotel reservations and, in some cases, guest contact information. Information such as Social Security numbers, passports, or driver's license number of guests was not accessed, Sabre said.

Sabre is working with a cybersecurity firm to support its investigation and has notified both law enforcement and major credit card brands. Four Seasons said it contacted impacted guests with an email or mailed communication beginning on July 6.

Customers wanting more information about the breach are encouraged to call 800-442-8960 (U.S. and Canada) and 503-520-4461 (international) and to visit Sabre's website regarding consumer notices.