Google has informed its employees that their personal data including names, credit card and contact details have been stolen after hackers broke into a travel agency software working with Google.
In a letter, Google informed the affected employees about the breach and explained that their drivers’ license, passport, and Social Security Numbers (SSN) were not stolen.
The agency which came under cyber attack is Sabre, a Southlake City, Texas-based popular travel technology firm.
Sabre explained to its customers that Sabre Hospitality Solutions SynXis, a reservation system used by more than 32,000 hotels around the world were targeted by unknown attackers. The system was also used by Carlson Wagonlit Travel (CTW) travel agency which is responsible for making hotel booking for Google employees.
The investigation which took place in May 2017 showed that hackers were able to breach an internal account on the SynXis platform allowing them to steal personal and financial data of the customers.
According to the letter sent by Google to its employees: “Sabre notified CWT, which uses the SynXis CRS, that an unauthorized party gained access to personal information associated with certain hotel reservations made through CWT. CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travelers were affected.”
Furthermore, the letter informed that: “Sabre’s investigation discovered no evidence that information such as Social Security, passport, and driver’s license numbers were accessed. However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific information associated with every affected reservation.”
Google has urged its employees to “remain vigilant” and keep an eye on any suspicious activity as hackers can use the stolen data to carry out identity fraud. In such cases, Google employees are advised to contact Federal Trade Commission (FTC) or law enforcement authorities.
Also, Google is offering 24 months of complimentary identity protection and credit monitoring services.