Sabre has finished its investigation into a previously announced security breach impacting its SynXis hotel reservation system and concluded that "an unauthorized party accessed certain payment card information."
The incident came to light at the start of May.
In an update last night, Sabre said a limited subset of bookings made through SynXis were "accessed", of which only a certain number were then "viewed".
It has brought in global corporate services business Epiq Systems to handle the consumer-facing elements of the data breach. A dedicated microsite has been set up, to where consumers are directed.
This site offers more detail than the statement into what was accessed and/or viewed:
The consumer site also reveals that the breach was made possible by the hacker "gaining access to account credentials that permitted [the] unauthorized access."
The breach has been shut and Sabre says that no other systems - specifically distribution and airline solutions - were affected.
The unauthorized access happened over a seven-month period, from August 16 to March 17.
Sabre first announced it was looking into the incident in a 10Q filing in the "contingencies/legal proceedings" section. There is no indication in today's statement about the amount, if any, of its financial liability related to the incident.