Four Seasons Hotels and Resorts was recently informed of a data security incident at Sabre, a third-party hotel reservations provider to thousands of hotel properties, including those managed by Four Seasons. The incident involved unauthorized access to certain guest information associated with a subset of hotel reservations processed through Sabre’s SynXis Central Reservations System (CRS) from August 10, 2016 until March 9, 2017. Sabre has confirmed that the issue has been contained and the unauthorized access has been revoked, but some guest information may have been compromised as a result of the incident.
The Sabre CRS facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to Four Seasons Hotels and Resorts on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to certain unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre’s system.