The Hard Rock and Loews hotel chains alerted patrons to security breaches; the issues are connected to a hack of the Sabre company's SynXis network.
Payment card information for a "small subset" of clients who made bookings using the SynXis platform which was supplied by outside vendor Sabre Hospitality Solutions was obtained by thieves.
After taking control of an internal account on the SynXis system, the hackers were able to access the system.
The conclusion of the inquiry into the Hard Rock Hotels and Casinos franchise breach. The Federal Trade Commission and the company's consumers were informed of the event.
Source: https://securityaffairs.com/60789/data-breach/hard-rock-security-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/loewshotels
"id": "loe34271123",
"linkid": "loewshotels",
"type": "Breach",
"date": "07/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Small Subset',
'industry': 'Hospitality',
'name': 'Hard Rock Hotels and Casinos',
'type': 'Hotel Chain'},
{'customers_affected': 'Small Subset',
'industry': 'Hospitality',
'name': 'Loews Hotels',
'type': 'Hotel Chain'}],
'attack_vector': 'Compromised Internal Account',
'customer_advisories': 'Patrons Informed',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payment Card Information'},
'description': 'The Hard Rock and Loews hotel chains alerted patrons to '
'security breaches; the issues are connected to a hack of the '
"Sabre company's SynXis network. Payment card information for "
"a 'small subset' of clients who made bookings using the "
'SynXis platform which was supplied by outside vendor Sabre '
'Hospitality Solutions was obtained by thieves. After taking '
'control of an internal account on the SynXis system, the '
'hackers were able to access the system. The conclusion of the '
'inquiry into the Hard Rock Hotels and Casinos franchise '
"breach. The Federal Trade Commission and the company's "
'consumers were informed of the event.',
'impact': {'data_compromised': ['Payment Card Information'],
'payment_information_risk': 'High',
'systems_affected': ['SynXis Platform']},
'initial_access_broker': {'entry_point': 'Internal Account Compromise'},
'investigation_status': 'Concluded',
'motivation': 'Data Theft',
'regulatory_compliance': {'regulatory_notifications': 'Federal Trade '
'Commission'},
'response': {'communication_strategy': 'Patrons and Federal Trade Commission '
'Informed'},
'title': 'Security Breach at Hard Rock and Loews Hotel Chains',
'type': 'Data Breach',
'vulnerability_exploited': 'Internal Account Compromise'}