"hotel reservations made for Google business travel were among the many reservations affected by a security incident impacting a third-party" - Google Notice of Data Breach
UPDATE: 14.07.2017 - Statement from CWT
A spokesman from CWT has reached out to Tritium Information Security and has provided us with the following statement:
"CWT was informed by Sabre, that some traveler data had been viewed by an outside party due to a breach of Sabre’s Hospitality Solutions / SynXis Central Reservation system (“SHS”), which provides reservations technology and support to hotels.
SHS is not a CWT technology platform or a solution used by CWT.
CWT has proactively notified potentially impacted customers and encouraged them to visit the Sabre microsite (which includes call center details): http://www.sabreconsumernotice.com"
In a recent letter to employees Google has alerted its staff that their personal information including names, credit cards, and contact information has been abducted in a data breach on a 3rd party vendor.
Sabre Hospitality Solutions SynXis, a reservation platform, fell victim to a data breach that has leaked personal information on the tech giant Google. The reservation system that is utilized by more than 32,000 hotels worldwide was targeted by unknown hackers. One of them being Carlson Wagonlit Travel (CTW), a travel agency responsible for the booking of hotels for Google employees.
Hackers were able to gain unauthorized access to the internal platform which in turn allowed them to obtain personal and financial information on their customers. The timeline of the breach is said to have been between August 10, 2016 to March 9, 2017.
In the letter Google stated "Sabre’s investigation discovered no evidence that information such as Social Security, passport, and driver’s license numbers were accessed. However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific information associated with every affected reservation."
Google is recommending that it's employees remain vigilant for any incidents of fraud and identity theft by regularly reviewing account statements and monitoring credit for unauthorized activity.
"We are working with CWT and Sabre to address this issue. Sabre engaged a leading cybersecurity firm to support its investigation. Sabre indicated that they also notified law enforcement and the payment card brands about this incident."
They are also providing 24 months of complimentary identity protection and credit monitoring services provided by AllClear ID.