P2018-ND-061

Four Seasons Hotels Limited

On December 15, 2017, the Organization was notified by its third party reservation service provider, Sabre Hospitality Solutions, that an unauthorized party gained access to view certain reservation information on October 21, 2017. The service provider informed the Organization that it uses encryption on payment card data; however, the compromised credential had the right to decrypt card data. The service provider informed the Organization reported that the incident did not affect every reservation contained in the CRS, but only a smaller subset of reservations. The service provider reported that its investigation did not uncover specific forensic evidence that the unauthorized party removed any information from the system, but it is a possibility.

File Type: pdf
Categories: 2018
Tags: Unauthorized access