American Airlines, Sabre, Hacked
China-linked hackers have mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies, Bloomberg reported on Friday, citing people familiar with investigations of the attacks.
Sabre Corp., which processes reservations for hundreds of airlines and thousands of hotels, confirmed that its systems were breached recently, while American Airlines Group Inc., the world's biggest carrier, said it is investigating whether hackers had entered its computers.
Both companies were hacked as part of the same wave of attacks that targeted insurer Anthem Inc. and the U.S. government's personnel office, according to three people with knowledge of the cybersecurity probes. The investigators have tied those incursions to the same China-backed hackers, an assessment shared by U.S. officials, the people said.
Sabre, one of the largest clearinghouses for travel reservations, is a potentially rich target for state-sponsored hacks because of the company's role as a central repository of what it says are records on more than a billion travelers per year across the globe.
American is investigating whether hackers moved from Sabre's systems into its own computers, two of the people familiar with the examination said. The carrier shares some network infrastructure with Sabre, a onetime subsidiary that it spun off as a separate company in 2000. American and Sabre began contracting with outside experts to conduct the probe within the last month, said the people with knowledge of the inquiry.
American said the Fort Worth, Texas-based airline is looking into the possibility that hackers entered its systems but hasn't confirmed an intrusion. "Based on our deep and extensive investigations with the help of outside cybersecurity experts, American has found no evidence that our systems or network have experienced a breach like those at OPM or Anthem," he said.
"We are working closely with our partners to further investigate," spokesman Casey Norton Norton said, adding that the company takes cyber threats seriously and goes "above and beyond any notification requirements."
Sabre said it had "recently learned of a cybersecurity incident" and was investigating but couldn?t say what data may have been stolen or who it believed was responsible.
"We are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing," Sabre said in a statement.
Both companies were hacked as part of the same wave of attacks that targeted insurer Anthem Inc. and the U.S. government's personnel office, according to three people with knowledge of the cybersecurity probes. The investigators have tied those incursions to the same China-backed hackers, an assessment shared by U.S. officials, the people said.
Sabre, one of the largest clearinghouses for travel reservations, is a potentially rich target for state-sponsored hacks because of the company's role as a central repository of what it says are records on more than a billion travelers per year across the globe.
American is investigating whether hackers moved from Sabre's systems into its own computers, two of the people familiar with the examination said. The carrier shares some network infrastructure with Sabre, a onetime subsidiary that it spun off as a separate company in 2000. American and Sabre began contracting with outside experts to conduct the probe within the last month, said the people with knowledge of the inquiry.
American said the Fort Worth, Texas-based airline is looking into the possibility that hackers entered its systems but hasn't confirmed an intrusion. "Based on our deep and extensive investigations with the help of outside cybersecurity experts, American has found no evidence that our systems or network have experienced a breach like those at OPM or Anthem," he said.
"We are working closely with our partners to further investigate," spokesman Casey Norton Norton said, adding that the company takes cyber threats seriously and goes "above and beyond any notification requirements."
Sabre said it had "recently learned of a cybersecurity incident" and was investigating but couldn?t say what data may have been stolen or who it believed was responsible.
"We are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing," Sabre said in a statement.
