Software maker Sabre yesterday confirmed it notified 29,590 people about a July 2022 data breach that compromised the following personal information:
- Names
- Social Security numbers
- Dates of birth
- Employment info
- Financial account numbers
- ID cards such as passports and driver’s licenses
- Signatures
Ransomware gang Dunghill Leak claimed responsibility for the July 2022 attack, but Sabre didn’t discover the breach until more than a year later in September 2023, according to a breach notice posted by the Maine attorney general. Sabre then took more than a year to investigate and notify victims.
Dunghill Leak claims it stole about 1.3 terabytes of data including databases on ticket sales, passenger turnover, personal data, and corporate financial information. Sabre makes travel booking software for airlines and hotels.
Sabre in September 2023 said it investigated Dunghill Leak’s claim, but never officially confirmed it. We do not yet know whether Sabre paid a ransom, how much Dunghill Leak demanded, or how attackers breached Sabre’s network. Comparitech contacted Sabre for comment and will update this article if it responds.
Sabre’s notice to victims states, “On September 6, 2023, Sabre GLBL Inc. (“Sabre”) became aware that the confidentiality of some of its employee related information, including personal information maintained by Sabre, was compromised by an unauthorized third party that in some instances was posted on the dark web in a series of posts concluding in October 2023.”
Sabre is offering eligible victims free credit monitoring and identity theft protection for 24 months via Experian.
Who is Dunghill Leak?
Dunghill Leak, also known as Dark Angels Team, is a ransomware group that began posting targets to its leak site in April 2023. It usually posts victims who refused or failed to pay a ransom, unlike other groups that post victims before negotiations begin. Although it doesn’t claim as many attacks as its peers, Dunghill Leak has launched some of the most high-profile ransomware attacks in history. The group reportedly received a $75 million payment from pharmaceutical giant Cencora, and has claimed attacks on Johnson Controls, Gentex, and Sysco.
Dunghill Leak has claimed five confirmed attacks since it began operating, with another two unconfirmed.
The only other confirmed Dunghill Leak claim this year was an attack on Nexperia, a Dutch manufacturer.
Ransomware attacks on US tech
Ransomware attacks on tech companies can steal data and lock down computer systems until a ransom is paid to unlock them. Failing to pay can result in days or weeks of downtime and recovery, permanent data loss, and putting data subjects at higher risk of fraud.
In 2023, Comparitech researchers recorded 44 confirmed ransomware attacks on US tech companies, which compromised 104 million records. This year, we’ve only logged eight such attacks, affecting 1.9 million records. The average ransom demand is about $20 million, skewed by massive demands on companies like CDK Global (paid $25 million to BlackSuit) and CDW Government (LockBit demanded $80 million).
Other recently confirmed ransomware attacks on US tech companies include those on Blue Yonder (Termite) and ATSG (BianLian).
About Sabre
Sabre GLBL, Inc is a NASDAQ-listed software company headquartered in Southlake, Texas. Founded in 1960, it makes booking software for hotels and airlines. It maintains the largest global distribution system for flight bookings, and handles tends of thousands of transactions every second for 70 airlines and 100,000 hotels, according to external sources. It employs more than 6,000 people.
