The Four Seasons, Hard Rock, Loews and now the Trump hotels have reported (link to Skift story) that they and their customers have been impacted by the Sabre data breach reported in May in attacks believed linked to the SynXis travel reservation platform. IT security experts commented below.
Lisa Baergen, Director of Marketing at NuData Security:
“Whenever personally identifiable information (PII) is compromised by a third-party provider such as Sabre, the looted consumer data can be made available to be cross-correlated with details from a plethora of other breaches and social platforms to create comprehensive digital identities. These full packages of identity information are more valuable to hackers, rendering the potential victims susceptible to fraud, identity theft, account takeovers. And for the brands themselves, likely that these impacted consumers will be potentially less loyal to their brands of choice.
“Every organization entrusted with PII – both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre – should constantly be testing and hardening their defenses, and embracing more proactive, and effective levels of security such as consumer behavior analytics solutions to help prevent identity thefts. These sorts of breaches are now just too widespread to justify continued faith in legacy approaches, and too much consumer data is now ‘in the wild’ to protect consumers with outdated technology.
“Consumers need to accept it isn’t a matter of if they will be impacted anymore with the widespread proliferation of breaches; but when. Organizations charged to protect this data need to be more judicious and find a multilayered solution that better balances customer experience and security. Old point solutions, simple second factor approaches, or putting up walls no longer suffice.”
Michael Magrath, Director, Global Regulations and Standards at VASCO Data Security: