The Sandman Hotel in Santa Rosa is notifying guests that their credit card information may have been hacked through a third party reservation system.
In a statement released July 30, the hotel said it was recently notified by its service provider, Sabre Hospitality Solutions of a data security incident that may affect customer information associated with certain Sandman hotel reservations.
The Sabre SynXis Central Reservations System facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following a forensic investigation, Sabre notified the hotel on June 6 that an unauthorized party gained access to their systems and was able to view some reservation information for a subset of hotel reservations that Sabre processed on behalf of the Sandman.
The investigation determined that the unauthorized party was able to access payment card information on Sabre’s system between Aug. 10, 2016, and March 9, 2017. No Sandman computer or network systems were affected in by this incident.
The unauthorized party was able to access payment card information for certain hotel reservations, including cardholder names, card numbers, card expiration dates, and, potentially, card verification codes. The unauthorized party was also able, in some cases, to access certain information such as guest names, emails, phone numbers, addresses, and other information. Sensitive information such as Social Security, passport, or driver’s license numbers were not accessed or affected by this incident. Sabre has informed the hotel that, to date, the payment card brands have not identified any patterns of fraud related to this incident.
According to the information that the Sandman received, Sabre engaged a leading cybersecurity firm to support its investigation and notified law enforcement and the payment card brands about the incident. Sabre also enhanced the security around access credentials and the monitoring of system activity to help prevent this type of incident from recurring in the future.
Resources and information are available from Sabre by calling 888.721.6305 24 hours a day, Monday through Friday or visiting www.sabreconsumernotice.com which includes recommendations from the Federal Trade Commission regarding identity theft protection.