Travel booking giant Sabre said it was investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appeared on an extortion group’s leak site.
“Sabre is aware of the claims of data exfiltration made by the threat group and we’re currently investigating to determine their validity,” Sabre spokesperson Heidi Fort said in an email.
The Dunghill Leak group claimed responsibility for the apparent cyberattack in a listing on its dark web leak site, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data, and corporate financial information.
The group posted a portion of the files they allegedly stole, claiming the full cache will be made “available soon.”
Sabre is a travel reservation system and major provider of air passenger and booking data, whose software and data is used to power airline and hotel bookings, check-ins, and apps. Many U.S. airlines and hotel chains rely on the company’s technology.
Screenshots seen by information.killnetswitch show several database names relating to booking details and billing containing tens of millions of records, though it’s not known if the hackers had access to the databases themselves.
Some of the screenshots seen contained records pertaining to employees, including email addresses and their work locations. One screenshot contained employee names, nationalities, passport numbers, and visa numbers. Several other screenshots show several U.S. I-9 forms of employees who are authorized to work in the United States. Several passports found in the cache corresponded with Sabre employees, including a Sabre vice president, according to their LinkedIn profiles.
It’s not known when the alleged breach took place, but the screenshots posted by the extortion group show data that appears to be as recent as July 2022.
Little is known about Dunghill Leak, except that it’s a relatively new ransomware and extortion group that evolved or rebranded from the Dark Angels ransomware, which came from the Babuk ransomware, according to security researchers at Malwarebytes. To date, Dunghill Leak has claimed credit for targeting coin-operated game maker Incredible Technologies, food giant Sysco, and automotive products maker Gentex.
Sabre last reported a security incident in 2017, after hackers scraped one million bank cards from its hotel reservation system. The company paid $2.4 million to settle allegations brought by several states following the breach.
Contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.