The California Office of the Attorney General disclosed a data breach affecting Woodside Hotels, stemming from unauthorized access to the Sabre SynXis Central Reservations system between August 10, 2016, and March 9, 2017. The incident exposed customer payment card information, including cardholder names, card numbers, and expiration dates, alongside certain reservation details. While the breach compromised financial data, sensitive identifiers like Social Security numbers were not accessed. The exact number of affected individuals remains undetermined, but the exposure of payment card data poses risks of fraudulent transactions, financial loss, and reputational damage for both customers and the company. The breach originated from a third-party reservation system, highlighting vulnerabilities in supply chain security and the potential for downstream impacts on businesses relying on external platforms for critical operations.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-100577
TPRM report: https://www.rankiteo.com/company/woodside-hospitality
"id": "woo023090625",
"linkid": "woodside-hospitality",
"type": "Breach",
"date": "8/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Hotel/Resort',
'location': 'California, USA',
'name': 'Woodside Hotels',
'type': 'Hospitality'},
{'industry': 'Travel & Hospitality Software',
'name': 'Sabre Corporation (SynXis Central '
'Reservations)',
'type': 'Technology Provider'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access implies '
'exfiltration)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Cardholder names'],
'sensitivity_of_data': 'Moderate to High (payment card '
'details but no SSNs)',
'type_of_data_compromised': ['Payment card data',
'Reservation details']},
'description': 'The California Office of the Attorney General reported that '
'Woodside Hotels experienced a data breach potentially '
'exposing customer information due to unauthorized access to '
'the Sabre SynXis Central Reservations system. The breach '
'occurred between August 10, 2016, and March 9, 2017, '
'affecting payment card information and certain reservation '
'details for an unknown number of individuals. Affected '
'payment card information included cardholder names, card '
'numbers, and expiration dates, but sensitive information such '
'as Social Security numbers was not accessed.',
'impact': {'data_compromised': ['Payment card information (cardholder names, '
'card numbers, expiration dates)',
'Reservation details'],
'identity_theft_risk': 'Low (no SSNs accessed)',
'payment_information_risk': 'High (cardholder names, card numbers, '
'expiration dates exposed)',
'systems_affected': ['Sabre SynXis Central Reservations system']},
'initial_access_broker': {'high_value_targets': ['Payment card data',
'Reservation system']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Woodside Hotels Data Breach via Sabre SynXis Central Reservations '
'System',
'type': 'Data Breach'}