New ransomware group takes responsibility for Sabre data breach
San Francisco, Sep 7 (IANS) A new ransomware group known as Dunghill Leak has claimed that it is the one that hacked the systems of global travel booking giant Sabre.
According to TechCrunch, in a listing on its dark web leak site, the group claimed responsibility for the apparent cyberattack, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data, and corporate financial information.
“Sabre is aware of the claims of a data exfiltration made by the threat group and we are currently investigating to determine their validity,” Sabre spokesperson Heidi Castle was quoted as saying.
The group posted a portion of the allegedly stolen files, claiming that the entire cache would be made “available soon”.
According to the report, some screenshots showed several database names relating to booking details and billing containing tens of millions of records have been discovered, though it is unknown whether the hackers had access to the databases themselves.
Some other screenshots showed employee records, such as email addresses and work locations.
One screenshot included employee names, nationalities, passport numbers, and visa numbers.
However, it is unknown when the alleged breach occurred, but screenshots posted by the extortion group show data as recent as July 2022, the report said.
Till now, Dunghill Leak has claimed responsibility for targeting American designer and manufacturer of coin-operated video games Incredible Technologies, food giant Sysco, and Gentex, a manufacturer of automotive products.
Sabre is a travel reservation system used to power bookings and check-ins for airlines and hotels in the US. Last month, the notorious ransomware gang BlackCat also known as ALPHV, claimed responsibility for the cyberattack disclosed by the Japanese watchmaker Seiko firm.
The company on August 10, issued a data breach notification, stating that an unauthorised third party gained access to at least a portion of its IT infrastructure and accessed or exfiltrated data, reports Bleeping Computer.