by Michael J. Shapiro | July 13, 2017
The data breach that hit Sabre Hospitality Solutions' SynXis Central Reservations system -- first acknowledged by Sabre in early May -- has compromised guest payment data at a number of different hotel companies. To date, Four Seasons, Hard Rock Hotels, Loews, Rosewood and Trump Hotels all have confirmed that the incident affected guest information at their properties. Sabre has been notifying affected clients since June 6; as of July 5, Sabre's investigation into the breach was complete.
 
The security breach affected a subset of bookings made through SynXis from August 2016 through March 2017; not all of Sabre's SynXis clients were affected, and those that were suffered varying levels of compromise.
 
Over the past week, hospitality companies have been notifying their guests and specifying the dates and extent to which their properties might have been affected. Generally, the security incident affected payment-card information that included cardholder name, card number, expiration date and, in some cases, the card's security code. In some instances, guest name, email, phone number, address and other personal information might have been compromised -- although information such as Social Security, passport or driver's license numbers was not accessed.
 
Fourteen Trump Hotels properties were affected at various booking dates, detailed here. Most of the affected properties were only affected by bookings made in November 2016, but a few involved a wider range. 
 
Rosewood's affected properties, for bookings made beginning Nov. 3, 2016, included 17 Rosewood resorts, nine New World hotels and 27 Penta Hotel properties.
 
Eleven Hard Rock Hotel & Casino properties were hit. Neither Four Seasons nor Loews has named the specific properties affected; Four Seasons did note that all bookings made via the Four Seasons reservations offices, or directly with any of the properties, were not compromised by the Sabre breach.
 
Sabre also notified a number of travel-management companies and agencies that their booked travelers could have been affected by the breach, although the TMCs themselves do not interact with Sabre's SynXis reservation system. Sabre found no evidence that any of its other platforms, such as the Sabre Travel Network or Airlines Solutions, were affected by the incident.