Sabre Faces Data Breach: Ransomware Gang Takes Credit

The travel booking giant, Sabre, may have experienced a significant data breach. The company is now actively investigating claims of a cyberattack after private records allegedly appeared on an extortion group's leak site. The publication TechCrunch has seen screenshots of Sabre databases and records that seem to confirm the validity of the breach, though not for certain.

The company spokesperson Heidi Castle said in an email that “Sabre is aware of the claims of a data exfiltration made by the threat group and we are currently investigating to determine their validity.” A cybercriminal group, Dunghill Leak, has publicly taken credit for what appears to be a massive cyberattack on Sabre.

They claim to have extracted approximately 1.3 terabytes of data. This vast cache of information includes databases related to ticket sales, passenger turnover, and even sensitive employee personal data. The group has already released a portion of the stolen files and promises that the complete set of data will be unveiled soon.

Sabre, a pivotal player in the travel industry, is a primary provider of air passenger and booking data. Their infrastructure is integral to powering numerous airline and hotel bookings worldwide.

The exact timeline of the breach remains uncertain, but indications suggest that the data could be as recent as July 2022. Recently emerging on the cybercrime scene, Dunghill Leak is believed to have evolved or rebranded from Dark Angels ransomware. Their track record includes attacks on various companies, including notable names like Incredible Technologies, Sysco, and Gentex.

It's worth noting that this isn't Sabre's first encounter with cybersecurity issues. Back in 2017, the company reported a breach where hackers managed to extract credit card data from its hotel reservation system, leading to a hefty $2.4 million settlement.