Hard Rock Hotels & Casino has been hit by a cyber-attack that occurred through a third-party hotel reservation system.<\/p>\n
A cyber-attack is thought to have happened on 10th<\/sup> August 2016 where a hotel reservation system, run by Sabre Hospitality Solutions SynXis, was breached. When the breach was discovered, Sabre informed Hard Rock Hotels & Casinos of the breach; but this wasn\u2019t until June 2017.<\/p>\n That\u2019s a long time to pass before a breach is identified… An unauthorised party reportedly accessed account details, which then allowed them access to unencrypted payment card details (including payment card numbers, card expiration dates and payment card security codes), guest names, emails, phone numbers, addresses and reservation information that was processed through the system.<\/p>\n Sabre contends that social security numbers, passport numbers and\/or driver\u2019s licence numbers weren\u2019t accessed. But the information accessed is serious enough…<\/p>\n Upon investigating the matter, it was discovered that the unauthorised party obtained access to payment card details and reservation information on 10th<\/sup> August 2016. The investigation also revealed that the last access to payment card details was on 9th<\/sup> March 2017.<\/p>\n It appears that Hard Rock systems were accessible for almost a year. Sabre has hired a leading cyber-security firm, Mandiant<\/em>, to investigate the matter as well as notifying law enforcement agencies and banks about the security incident. It seems a little late to hire a cyber-security firm now when they\u2019ve already allowed their systems to be vulnerable for almost a year…<\/p>\n They\u2019ve tried to reassure guests that there\u2019s no evidence of any continued unauthorised activity, but how can they be fully certain that that\u2019s not the case?<\/p>\n The Hard Rock brand has a global presence in countries around the world. The following hotels have reportedly been affected within this period:<\/p>\n Sabre released a consumer website for those who booked a hotel reservation from 10th<\/sup> August 2016 to 9th<\/sup> March 2017. It notes they\u2019ve been directed to this site as the incident may have affected customers who used payment cards to make reservations. They noted that: <\/p>\n “…a large percentage of bookings were made without a security code being provided. Others were processed using virtual card numbers in lieu of consumer credit cards.”<\/p><\/blockquote>\n
\n<\/p>\nWhat information was accessed?<\/h2>\n
A year of unauthorised access?<\/h3>\n
What hotels were affected?<\/h3>\n
\n
Notification<\/h3>\n