American travel technology company Sabre is looking into an “unauthorized access” incident affecting its hospitality unit’s SynXis reservation system.
The acknowledgement comes in its 10-Q filing released yesterday at the same time as its first quarter earnings.
The specific paragraph relates to “contingencies/legal proceedings” and says:
“We are investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.
“The unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time.
“We have retained expert third-party advisors to assist in the investigation and are working with law enforcement.
“There is a risk that this investigation may reveal that [personally identifiable information] and [payment card industry data] or other information may have been compromised. It is not possible at this time to determine whether we will incur, or to reasonably estimate the amount of, any liabilities in connection with this incident.
“We maintain insurance that covers certain aspects of our cyber risks, and we are working with our insurance carriers in this matter.”
The timing of the incident is also not disclosed. There is no reference to the incident in the 10-K filing which covered its 2016 financial year, so it appears as if the incident came to light during the first three months of the year.