back to article Hard Rock hotels burgered up by Sabre breach

Two more hotel chains are warning customers they were caught by the breach of Sabre's "SynXis" hotel booking service that emerged earlier this year. Last Thursday, the Hard Rock chain warned that customers of 11 of its properties may have been caught up in the breach. According to Hard Rock's confession, Sabre advised it the …

  1. John Smith 19 Gold badge
    Unhappy

    On the plus side no biometrice involved.

    Then a compromised database could cost you some fingers.

  2. Anonymous Coward
    Facepalm

    Sabre SynXis central reservation system (CRS)

    Was it the client desktops or the SynXis backend that was hacked?

    1. Anonymous Coward
      Anonymous Coward

      Re: Sabre SynXis central reservation system (CRS)

      Sabre backend, someone with Admin cred's managed to access encrypted data for quite a few months.

  3. sitta_europea Silver badge

    Does chip & PIN have a bearing on this kind of threat or are we all at risk?

    1. Gordon Pryra

      Chip and Pin

      While Chip and Pin is not actually a security system, more a "shift blame to customers whilst reducing security system" the mechanics means that the Pin number is not stored when you use it.

      With contactless you are also pretty safe (from the Sabre story anyway) details of the card are not stored at the point of sale.

      That is if the $10 reader you put your card in is actually legit and not made by the guy who is stealing your details (whilst smiling at you)

  4. Doctor Syntax Silver badge

    Hypothetical musing

    From next May, if an EU citizen's personal data were to be leaked by a PoS in the US would GDPR apply? After all, the US want their laws to apply here so why shouldn't ours apply there?

    1. Nattrash

      Re: Hypothetical musing

      Looks like it...

      <www.eugdpr.org/gdpr-faqs.html>

      Who does the GDPR affect?

      The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

  5. Michael H.F. Wilkinson Silver badge
    Coat

    Alternatively

    Hard Rock Hotel hotel caught between a Rock and a Hard place

    Sorry, just couldn't resist

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like