The California Office of the Attorney General disclosed a data breach affecting Kimpton Hotels & Restaurants, stemming from unauthorized access to Sabre Hospitality Solutions' system a third-party reservation platform used by the company. The breach occurred over a prolonged period, from August 10, 2016, to March 9, 2017, but was only reported on July 28, 2017.During this window, threat actors gained access to sensitive customer data, including payment card information (e.g., credit/debit card numbers, expiration dates, and security codes) and personal details (such as names, addresses, and possibly other identifying information). The exposure primarily impacted guests who made reservations or transactions through Sabre’s system during the specified timeframe.While the exact number of affected individuals was not detailed in the report, the breach posed significant risks of financial fraud and identity theft for customers. Kimpton Hotels & Restaurants, as the affected entity, faced potential reputational damage and legal liabilities due to the failure to secure third-party vendor systems. The incident underscored vulnerabilities in supply chain cybersecurity, where breaches in partner systems can directly compromise a company’s customer data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-100657
TPRM report: https://www.rankiteo.com/company/kimpton-hotels-&-restaurants
"id": "kim025090625",
"linkid": "kimpton-hotels-&-restaurants",
"type": "Breach",
"date": "8/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Hospitality',
'location': 'California, USA',
'name': 'Kimpton Hotels & Restaurants',
'type': 'Hospitality'},
{'industry': 'Travel & Hospitality Technology',
'name': 'Sabre Hospitality Solutions',
'type': 'Technology Service Provider'}],
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['payment card information',
'personal details']},
'date_publicly_disclosed': '2017-07-28',
'description': 'The California Office of the Attorney General reported that '
'Kimpton Hotels & Restaurants experienced a data breach '
'affecting personal information due to unauthorized access to '
"Sabre Hospitality Solutions' system. The breach occurred "
'between August 10, 2016, and March 9, 2017, potentially '
'involving payment card information and personal details of '
'affected individuals.',
'impact': {'data_compromised': ['payment card information',
'personal details'],
'identity_theft_risk': 'Potential',
'payment_information_risk': 'Potential',
'systems_affected': ["Sabre Hospitality Solutions' system"]},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Kimpton Hotels & Restaurants Data Breach via Sabre Hospitality '
'Solutions',
'type': 'Data Breach'}