Cyber Incident Victim: Sabre Corporation
Date:
Feb 2022
Location:
Finland
Summary
A cyber-attack exploiting a vulnerability in an international hotel reservation system provider compromised personal data of thousands of guests at multiple upscale Finnish hotels. The breach affected at least five establishments, including two Helsinki-based properties under Nordic Hotels & Resorts, exposing names, contact details, and reservation dates of approximately 20,000 customers who booked directly through hotel websites. While no sensitive identity documents or financial data were accessed, the incident impacted Sabre Corporation's booking platform and prompted reporting to Finnish law enforcement and data protection authorities. The vulnerability was subsequently patched after discovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between February 10 and 14, 2022, attackers exploited a vulnerability in an international hotel reservation system operated by Sabre Corporation, compromising the personal data of guests at multiple upscale Finnish hotels. The breach impacted at least five hotels, including Nordic Hotels & Resorts' F6 Hotel and Hotelli Kämp in Helsinki, affecting guests who booked directly through the hotels' websites. The intrusion remained undetected until April 9, 2022, when the vulnerability was discovered and subsequently patched. Nordic Hotels disclosed that 15,497 customer records were compromised in the attack on their two properties. The stolen information included guests' names, addresses, phone numbers, email addresses, and reservation dates, but did not involve sensitive identity documents or financial payment card data. Finnish news agency MTV initially reported the incident on April 26, 2022, revealing that three additional hotels beyond Nordic's properties were affected, raising the total number of impacted guests to at least 20,000.
Upon discovery of the breach, Nordic Hotels & Resorts notified Finnish authorities, including the police and the Office of the Data Protection Commissioner. Jonathan Blom, the company's communication advisor, confirmed the attack targeted a supplier's booking system and acknowledged that multiple other Finnish hotels were compromised through the same Sabre Corporation platform. The company emphasized its collaborative efforts with suppliers and IT teams to prevent such incidents while recognizing the persistent threat of cybercriminal activity. No specific details about the vulnerability's technical nature or the attackers' identity were disclosed publicly. The incident exclusively affected direct bookings through hotel websites, excluding third-party reservation channels. Forensic analysis indicated the breach window was limited to the four-day period in February, with no evidence of ongoing unauthorized access after the April 9 patch implementation.