CHICAGO – Attorney General Kwame Raoul, along with a coalition of 27 attorneys general, today announced a $2.4 million settlement with Sabre Corp. resolving a multistate investigation into the 2017 data breach of Sabre Hospitality Solutions’ hotel booking system. The breach exposed the data of approximately 1.3 million credit cards.

“By not having appropriate information security measures or plans in place for responding to a data breach, Sabre left information belonging to millions of consumers vulnerable,” Raoul said. “Today’s settlement holds Sabre accountable and, more importantly, takes steps to safeguard against a future breach and better protects consumers.”

Get The Latest News!

Don't miss our top stories and need-to-know news everyday in your inbox.

Sabre Hospitality Solutions (Sabre), a business segment of Sabre Corp., operates the SynXis Central Reservation system, which allows business travel coordinators, travel agencies, and online travel booking companies to make reservations with hotels or hotel brands. In June 2017, Sabre informed its hotel customers of a data breach that had occurred between August 2016 and March 2017. Hotels were left to notify their customers of the breach, resulting in some notices being issued as late as 2018, and some consumers receiving multiple notices.

Article continues after sponsor message

Under the settlement, Sabre agrees to implement and maintain a comprehensive information security program, a written incident response and data breach notification plan, specific security requirements, and undergo a third-party security assessment. In addition, Sabre’s future contracts will include language to specify the roles and responsibilities of both Sabre and its hotel customers in the event of a breach. Today’s settlement also requires Sabre to determine whether its hotel customers have notified consumers of the breach, and to provide Raoul and the coalition a list of all the customers Sabre has notified. According to the settlement, Sabre will pay the states $2.4 million.

Privacy Unit Chief Matt Van Hise, Consumer Fraud Bureau Chief Beth Blackston, and Assistant Attorneys General Carolyn Friedman and Ronak Shah handled the settlement for Raoul's Consumer Fraud Bureau.

Joining Raoul in this settlement are the attorneys general of Alaska, Arizona, Arkansas, Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Tennessee, Vermont, Virginia and Washington.

Read More:

Sep 30, 2020 | Attorney General Raoul Announces $39.5 Million Settlement With Anthem Over 2014 Data Breach

Nov 14, 2022 | Attorney General Raoul Announces Settlements To Resolve Investigations Into Experian Data Breaches

Nov 24, 2020 | Attorney General Raoul Announces $17.5 Million Settlement With The Home Depot Over 2014 Data Breach

Oct 9, 2020 | Attorney General Raoul Announces $5 Million Settlement With Community Health Systems For Data Breach

RBRadioLaunchGif"Cheap Trick - I Want You To Want Me" now playing on The Eagle, the Riverbend's only Classic Rock station on Riverbender Radio.

Listen on Alexa: "Alexa, play The Eagle on the radio"