CHICAGO – Attorney General Kwame Raoul, along with a coalition of 27 attorneys general, today announced a $2.4 million settlement with Sabre Corp. resolving a multistate investigation into the 2017 data breach of Sabre Hospitality Solutions’ hotel booking system. The breach exposed the data of approximately 1.3 million credit cards.

“By not having appropriate information security measures or plans in place for responding to a data breach, Sabre left information belonging to millions of consumers vulnerable,” Raoul said. “Today’s settlement holds Sabre accountable and, more importantly, takes steps to safeguard against a future breach and better protects consumers.”

Get The Latest News!

Don't miss our top stories and need-to-know news everyday in your inbox.

Sabre Hospitality Solutions (Sabre), a business segment of Sabre Corp., operates the SynXis Central Reservation system, which allows business travel coordinators, travel agencies, and online travel booking companies to make reservations with hotels or hotel brands. In June 2017, Sabre informed its hotel customers of a data breach that had occurred between August 2016 and March 2017. Hotels were left to notify their customers of the breach, resulting in some notices being issued as late as 2018, and some consumers receiving multiple notices.

Article continues after sponsor message

Under the settlement, Sabre agrees to implement and maintain a comprehensive information security program, a written incident response and data breach notification plan, specific security requirements, and undergo a third-party security assessment. In addition, Sabre’s future contracts will include language to specify the roles and responsibilities of both Sabre and its hotel customers in the event of a breach. Today’s settlement also requires Sabre to determine whether its hotel customers have notified consumers of the breach, and to provide Raoul and the coalition a list of all the customers Sabre has notified. According to the settlement, Sabre will pay the states $2.4 million.

Privacy Unit Chief Matt Van Hise, Consumer Fraud Bureau Chief Beth Blackston, and Assistant Attorneys General Carolyn Friedman and Ronak Shah handled the settlement for Raoul's Consumer Fraud Bureau.

Joining Raoul in this settlement are the attorneys general of Alaska, Arizona, Arkansas, Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Tennessee, Vermont, Virginia and Washington.

More like this:

Mar 6, 2024 - Attorney General Raoul Co-Leads Bipartisan Coalition Calling On Meta To Protect Users’ Accounts From Being Hijacked By Scammers

Oct 18, 2023 - Attorney General Raoul Announces $10 Million Multistate Settlement With ACI Worldwide For Unauthorized Withdrawals From Mortgage Holders

Feb 5, 2024 - Attorney General Raoul Announces Multistate Agreement With Opioid Manufacturer Hikma Pharmaceuticals

Feb 9, 2024 - Attorney General Raoul Urges FTC To Outlaw "June Fees"

Dec 19, 2023 - Attorney General Raoul Announces $700 Million Settlement With Google Over Play Store Misconduct