Sabre Hospitality Company CyberSecurity Posture
sabrehospitality.com
Sabre Hospitality is an innovative technology partner powered by SynXis®, the leading global hospitality commerce and distribution platform, empowering hoteliers around the world to surpass limits, solve daily challenges, and outpace the competition. Through Sabre Hospitality Studios, our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, operations, and more to drive maximum revenue, operate more efficiently, and deliver personalized guest experiences. Leveraging our solutions and certified APIs, hoteliers can build an ecosystem that supports their unique business strategy and drives innovation, streamlines connections, and creates the hospitality experience guests expect. As your reliable partner, we give you the technology to Go Beyond.
Company Details
sabre-hospitality-solutions
227
21,245
7211
sabrehospitality.com
0
SAB_1099380
In-progress
Sabre Hospitality Risk Score (AI oriented)Between 700 and 749
Sabre Hospitality Global Score (TPRM)XXXX
Description: The California Office of the Attorney General reported a data breach involving Sabre GLBL Inc. on December 9, 2024. The breach occurred on September 6, 2023, and involved personal information of employees, including Social Security numbers and employment-related information. Approximately UNKN individuals were affected, and Sabre has implemented response actions including offering free credit monitoring services.
Description: The Vermont Office of the Attorney General reported a data breach involving Sabre GLBL Inc. on December 9, 2024. The breach, which occurred on September 6, 2023, involved unauthorized access to employee personal information, including names, Social Security numbers, and other sensitive information, potentially posted on the dark web.
Description: A global travel technology company suffered a breach that affected at least some of the many bookings passed through its reservations system. An unauthorized party gained the access to the bookings that passed through its SynXis Central Reservations system. The compromised information includes customers’ personally identifiable information (PII), payment card information (PCI), and other details. Sabre launched the investigation and started notifying the affected customers.
Description: The largest travel booking company in the world, Sabre, declared that it was investigating claims of a cyberattack after a group of files purportedly seized from the business appeared on a leak site run by an extortion ring. The claims of data exfiltration made by the threat group are known to Sabre, and it is investigating them to determine whether they are accurate. The Dunghill Leak outfit admitted to carrying out the purported cyberattack in a blog on their leak website on the dark web. stating that 1.3 terabytes of data were required, including databases on ticket sales, passenger volume, employee personal information, and business financial information.
Description: The systems of Sabre Hospitality Solutions (Sabre), a service provider used by Trump Hotels, were the site of this event that suffered from a data breach. On June 5, 2017, Sabre reported that a third party had gained access to account credentials, giving them access to payment card data and particular reservation details for certain of our hotel bookings made through Sabre's CRS.
Description: On July 14, 2017, the California Office of the Attorney General disclosed a data breach affecting **Two Roads Hospitality LLC**, stemming from unauthorized access to **Sabre Hospitality Solutions**—a third-party reservation and payment processing system. The breach, which began on **August 10, 2016**, and persisted until **March 9, 2017**, involved the compromise of **payment card and reservation information** of an undisclosed number of individuals. While the exact scope of the exposed data (e.g., names, card numbers, or reservation details) was not specified, the incident highlighted vulnerabilities in third-party vendor systems handling sensitive customer financial data. The prolonged exposure period increased the risk of fraudulent transactions or misuse of payment details. The breach underscored the critical need for robust monitoring and access controls within hospitality industry supply chains, where third-party providers often manage high volumes of transactional and personal data. No ransomware or direct operational disruption was reported, but the incident posed significant reputational and financial risks for both Two Roads Hospitality and its affected customers.
No incidents recorded for Sabre Hospitality in 2025.
No incidents recorded for Sabre Hospitality in 2025.
No incidents recorded for Sabre Hospitality in 2025.
Sabre Hospitality cyber incidents detection timeline including parent company and subsidiaries
Sabre Hospitality is an innovative technology partner powered by SynXis®, the leading global hospitality commerce and distribution platform, empowering hoteliers around the world to surpass limits, solve daily challenges, and outpace the competition. Through Sabre Hospitality Studios, our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, operations, and more to drive maximum revenue, operate more efficiently, and deliver personalized guest experiences. Leveraging our solutions and certified APIs, hoteliers can build an ecosystem that supports their unique business strategy and drives innovation, streamlines connections, and creates the hospitality experience guests expect. As your reliable partner, we give you the technology to Go Beyond.
Founded in Germany in 1897, Kempinski Hotels has long reflected the finest traditions of European hospitality. Today, as ever, Kempinski is synonymous with distinctive luxury. Located in many of the world's most well-known cities and resorts, the Kempinski collection includes hotels in a grand mann
More than an iconic place to stay, Holiday Inn Hotels are a place to be in the moment–gathered to celebrate with family, laughing with friends, sharing a meal with the team, or just for some well-deserved me-time. No matter the reason you travel, when you’re here, you’re right where you’re meant to
IHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. With a family of 19 hotel brands and IHG One Rewards, one of the world's largest hotel loyalty programmes, IHG has over 6,300 open hotels in more than 100 countries,
Hyatt is guided by its purpose: to care for people so they can be their best. Hyatt’s portfolio includes 1,000+ hotel and all-inclusive properties in over 75 countries across 6 continents. Hyatt’s offerings include brands in the Timeless Collection, including Park Hyatt®, Grand Hyatt®, Hyatt Regency
An IHG hotel. IHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. At Holiday Inn Express, we strive to make every interaction you have with us simple, smart and refreshingly engaging. With over 3,000 hotels in 75 di
Hilton (NYSE: HLT) is a leading global hospitality company with a portfolio of 24 world-class brands comprising more than 8,400 properties and over 1.25 million rooms, in 140 countries and territories. Dedicated to fulfilling its founding vision to fill the earth with the light and warmth of hospita
We are Accor We are more than 290,000 hospitality experts placing people at the heart of what we do, creating emotion for our guests, and nurturing passion for service and achievement beyond limits. Building on the strength of our teams and of our fully integrated ecosystem of leading brands, perso
Four Seasons Hotels and Resorts opened its first hotel in 1961, and since that time has been dedicated to perfecting the travel experience through continual innovation and the highest standards of hospitality. Currently operating more than 120 hotels and resorts, and more than 50 residential propert
Deutsche Hospitality stands for an exceptional portfolio comprising more than 130 hotels in 20 countries on three continents, about 30 hotels are currently under development. Deutsche Hospitality stands for an exceptional portfolio comprising more than 130 hotels in 20 countries on three continents
.png)
AUSTIN, Texas, Nov. 05, 2025 (GLOBE NEWSWIRE) -- Telnyx, the full-stack Conversational AI platform, today announced a new integration with...
Learn how Sabre Corporation, a global travel technology leader, partnered with Palo Alto Networks to achieve a 95% reduction in security incidents and a 90%...
TPG has completed the acquisition of Hospitality Solutions, a technology platform for hotels worldwide, from Sabre.
Hospitality Solutions, a leading hospitality technology provider, today announced the completion of its previously announced acquisition by TPG.
Almost one year after the CrowdStrike outage grounded flights, airlines face cybersecurity threats from Scattered Spider.
Sabre Hospitality has unveiled advancements in its SynXis Concierge.AI, integrating AI into the SynXis Booking Engine.
Sabre Hospitality has announced major AI enhancements to its SynXis platform, integrating Concierge.AI capabilities into the SynXis Booking Engine.
Technology provider to the travel sector expects to use the $960 million in net proceeds to pay down debt and focus on its core business.
Sabre's sale of its hotel reservations tech should help the travel tech company focus on its core airline business.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Sabre Hospitality is https://www.sabrehospitality.com.
According to Rankiteo, Sabre Hospitality’s AI-generated cybersecurity score is 740, reflecting their Moderate security posture.
According to Rankiteo, Sabre Hospitality currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Sabre Hospitality is not certified under SOC 2 Type 1.
According to Rankiteo, Sabre Hospitality does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Sabre Hospitality is not listed as GDPR compliant.
According to Rankiteo, Sabre Hospitality does not currently maintain PCI DSS compliance.
According to Rankiteo, Sabre Hospitality is not compliant with HIPAA regulations.
According to Rankiteo,Sabre Hospitality is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Sabre Hospitality operates primarily in the Hospitality industry.
Sabre Hospitality employs approximately 227 people worldwide.
Sabre Hospitality presently has no subsidiaries across any sectors.
Sabre Hospitality’s official LinkedIn profile has approximately 21,245 followers.
Sabre Hospitality is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
No, Sabre Hospitality does not have a profile on Crunchbase.
Yes, Sabre Hospitality maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sabre-hospitality-solutions.
As of November 28, 2025, Rankiteo reports that Sabre Hospitality has experienced 6 cybersecurity incidents.
Sabre Hospitality has an estimated 13,644 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notifying affected customers, and remediation measures with offering free credit monitoring services..
Title: Data Breach at Global Travel Technology Company
Description: A global travel technology company suffered a breach that affected at least some of the many bookings passed through its reservations system. An unauthorized party gained access to the bookings that passed through its SynXis Central Reservations system. The compromised information includes customers’ personally identifiable information (PII), payment card information (PCI), and other details. Sabre launched the investigation and started notifying the affected customers.
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized Party
Title: Data Breach at Sabre Hospitality Solutions Affecting Trump Hotels
Description: The systems of Sabre Hospitality Solutions (Sabre), a service provider used by Trump Hotels, were the site of this event that suffered from a data breach.
Date Publicly Disclosed: 2017-06-05
Type: Data Breach
Attack Vector: Compromised Account Credentials
Vulnerability Exploited: Compromised Account Credentials
Title: Sabre Cyberattack and Data Exfiltration
Description: Sabre, the largest travel booking company in the world, declared that it was investigating claims of a cyberattack after a group of files purportedly seized from the business appeared on a leak site run by an extortion ring.
Type: Data Exfiltration
Threat Actor: Dunghill Leak
Motivation: Extortion
Title: Data Breach at Sabre GLBL Inc.
Description: The Vermont Office of the Attorney General reported a data breach involving Sabre GLBL Inc. on December 9, 2024. The breach, which occurred on September 6, 2023, involved unauthorized access to employee personal information, including names, Social Security numbers, and other sensitive information, potentially posted on the dark web.
Date Detected: 2023-09-06
Date Publicly Disclosed: 2024-12-09
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Data Breach at Sabre GLBL Inc.
Description: The California Office of the Attorney General reported a data breach involving Sabre GLBL Inc. on December 9, 2024. The breach occurred on September 6, 2023, and involved personal information of employees, including Social Security numbers and employment-related information. Approximately UNKN individuals were affected, and Sabre has implemented response actions including offering free credit monitoring services.
Date Detected: 2023-09-06
Date Publicly Disclosed: 2024-12-09
Type: Data Breach
Title: Data Breach at Two Roads Hospitality LLC via Sabre Hospitality Solutions
Description: The California Office of the Attorney General reported that Two Roads Hospitality LLC experienced a data breach involving unauthorized access to payment card and reservation information at Sabre Hospitality Solutions. The breach occurred on August 10, 2016, and was last accessed on March 9, 2017. The number of individuals affected and specific types of information compromised were not disclosed explicitly.
Date Publicly Disclosed: 2017-07-14
Type: Data Breach
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Pii, Pci, Other details
Systems Affected: SynXis Central Reservations System
Data Compromised: Payment Card Data, Reservation Details
Systems Affected: Central Reservation System (CRS)
Payment Information Risk: True
Data Compromised: 1.3 terabytes of data including databases on ticket sales, passenger volume, employee personal information, and business financial information
Data Compromised: Names, Social security numbers, Other sensitive information
Data Compromised: Social security numbers, Employment-related information
Data Compromised: Payment card information, Reservation information
Payment Information Risk: Yes
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Pii, Pci, Other Details, , Payment Card Data, Reservation Details, , Ticket Sales, Passenger Volume, Employee Personal Information, Business Financial Information, , Names, Social Security Numbers, Other Sensitive Information, , Social Security Numbers, Employment-Related Information, , Payment Card Information, Reservation Information and .
Entity Name: Sabre
Entity Type: Travel Technology Company
Industry: Travel and Hospitality
Entity Name: Trump Hotels
Entity Type: Hotel Chain
Industry: Hospitality
Entity Name: Sabre
Entity Type: Company
Industry: Travel Booking
Size: Large
Entity Name: Sabre GLBL Inc.
Entity Type: Company
Customers Affected: UNKN
Entity Name: Two Roads Hospitality LLC
Entity Type: Company
Industry: Hospitality
Entity Name: Sabre Hospitality Solutions
Entity Type: Service Provider
Industry: Travel Technology
Communication Strategy: Notifying Affected Customers
Remediation Measures: Offering free credit monitoring services
Type of Data Compromised: Pii, Pci, Other details
Personally Identifiable Information: Yes
Type of Data Compromised: Payment card data, Reservation details
Type of Data Compromised: Ticket sales, Passenger volume, Employee personal information, Business financial information
Sensitivity of Data: High
Data Exfiltration: 1.3 terabytes
Personally Identifiable Information: Yes
Type of Data Compromised: Names, Social security numbers, Other sensitive information
Sensitivity of Data: High
Data Exfiltration: Potentially posted on the dark web
Type of Data Compromised: Social security numbers, Employment-related information
Number of Records Exposed: UNKN
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Type of Data Compromised: Payment card information, Reservation information
Sensitivity of Data: High
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offering free credit monitoring services, .
Regulatory Notifications: California Office of the Attorney General
Source: Sabre
Source: Vermont Office of the Attorney General
Date Accessed: 2024-12-09
Source: California Office of the Attorney General
Date Accessed: 2024-12-09
Source: California Office of the Attorney General
Date Accessed: 2017-07-14
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Sabre, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-12-09, and Source: California Office of the Attorney GeneralDate Accessed: 2024-12-09, and Source: California Office of the Attorney GeneralDate Accessed: 2017-07-14.
Investigation Status: Ongoing
Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifying Affected Customers.
Customer Advisories: Notifying Affected Customers
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notifying Affected Customers.
Last Attacking Group: The attacking group in the last incident were an Unauthorized Party and Dunghill Leak.
Most Recent Incident Detected: The most recent incident detected was on 2023-09-06.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-07-14.
Most Significant Data Compromised: The most significant data compromised in an incident were PII, PCI, Other Details, , Payment Card Data, Reservation Details, 1.3 terabytes of data including databases on ticket sales, passenger volume, employee personal information, and business financial information, names, Social Security numbers, other sensitive information, , Social Security numbers, employment-related information, , payment card information, reservation information and .
Most Significant System Affected: The most significant system affected in an incident was SynXis Central Reservations System and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were payment card information, Social Security numbers, other sensitive information, names, reservation information, PCI, 1.3 terabytes of data including databases on ticket sales, passenger volume, employee personal information, and business financial information, PII, employment-related information, Payment Card Data, Reservation Details and Other Details.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
Most Recent Source: The most recent source of information about an incident are Vermont Office of the Attorney General, Sabre and California Office of the Attorney General.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Customer Advisory: The most recent customer advisory issued was an Notifying Affected Customers.
.png)
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid