Four Seasons Hotels and Resorts said yesterday that its guest data was exposed during the security breach at Sabre's SynXis Central Reservations System.
In a press statement, Four Seasons said Sabre confirmed "on June 6, 2017, that an unauthorized party gained access to account credentials that permitted unauthorized access to certain unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre's system. Sabre's investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017. Sabre's investigation did not uncover evidence that the unauthorized party removed any information from the system, but it is a possibility."
Customers from Four Seasons join employees of Google, who found that their personal information also was exposed to the hacker, who appears to have had access to booking data from August 10, 2016, until March 9, 2017.
SyNXis serves thousands of hotel properties in all market segments from independent properties to large global chains, and many of these companies and other travel partners have been impacted by this incident, Four Seasons said; "as a result, affected individuals may receive multiple notifications about this incident from multiple hotel properties or hotel brands, credit card companies, or other travel partners."
Reservations made on Fourseasons.com, with Four Seasons Worldwide Reservations Office, or directly with any of Four Seasons' 105 hotels or resorts were not compromised by this incident, the luxury hotelier said.