The Hard Rock and Loews hotel chains alerted patrons to security breaches; the issues are connected to a hack of the Sabre company's SynXis network.
Payment card information for a "small subset" of clients who made bookings using the SynXis platform which was supplied by outside vendor Sabre Hospitality Solutions was obtained by thieves.
After taking control of an internal account on the SynXis system, the hackers were able to access the system.
The conclusion of the inquiry into the Hard Rock Hotels and Casinos franchise breach. The Federal Trade Commission and the company's consumers were informed of the event.
Source: https://securityaffairs.com/60789/data-breach/hard-rock-security-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/hard-rock-international
"id": "har34271123",
"linkid": "hard-rock-international",
"type": "Breach",
"date": "07/2017",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Small subset',
'industry': 'Hotel and Casino',
'name': 'Hard Rock Hotels and Casinos',
'type': 'Hospitality'},
{'industry': 'Hotel',
'name': 'Loews Hotels',
'type': 'Hospitality'}],
'attack_vector': 'Compromised Internal Account',
'customer_advisories': 'Informed consumers',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payment Card Information'},
'description': 'The Hard Rock and Loews hotel chains alerted patrons to '
'security breaches; the issues are connected to a hack of the '
"Sabre company's SynXis network. Payment card information for "
"a 'small subset' of clients who made bookings using the "
'SynXis platform which was supplied by outside vendor Sabre '
'Hospitality Solutions was obtained by thieves. After taking '
'control of an internal account on the SynXis system, the '
'hackers were able to access the system. The conclusion of the '
'inquiry into the Hard Rock Hotels and Casinos franchise '
"breach. The Federal Trade Commission and the company's "
'consumers were informed of the event.',
'impact': {'data_compromised': 'Payment Card Information',
'payment_information_risk': True,
'systems_affected': 'SynXis Network'},
'initial_access_broker': {'entry_point': 'Internal Account Compromise'},
'investigation_status': 'Concluded',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Internal Account Compromise'},
'regulatory_compliance': {'regulatory_notifications': 'Federal Trade '
'Commission'},
'response': {'communication_strategy': 'Informed Federal Trade Commission and '
'consumers'},
'title': 'Sabre SynXis Network Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Internal Account Compromise'}