Four Seasons compromised by third-party data breach
Four Seasons compromised by third-party data breach
11 JULY 2017 8:38 AM

Four Seasons Hotels and Resorts is the latest brand to inform its guests of a data security breach via a third-party hotel reservations provider, Sabre, which occurred between 10 August 2016 and 9 March 2017. 

TORONTO, July 10, 2017 -- Four Seasons Hotels and Resorts was recently informed of a data security incident at Sabre, a third-party hotel reservations provider to thousands of hotel properties, including those managed by Four Seasons. The incident involved unauthorized access to certain guest information associated with a subset of hotel reservations processed through Sabre's SynXis Central Reservations System (CRS) from August 10, 2016 until March 9, 2017. Sabre has confirmed that the issue has been contained and the unauthorized access has been revoked, but some guest information may have been compromised as a result of the incident.

What Happened

The Sabre CRS facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to Four Seasons Hotels and Resorts on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to certain unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre's system.

Sabre's investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017. Sabre's investigation did not uncover evidence that the unauthorized party removed any information from the system, but it is a possibility.

Sabre's CRS platform serves thousands of hotel properties in all market segments from independent properties to large global chains; many of these companies and other travel partners have been impacted by this incident. As a result, affected individuals may receive multiple notifications about this incident from multiple hotel properties or hotel brands, credit card companies, or other travel partners.

Reservations made on, with Four Seasons Worldwide Reservations Office, or made directly with any of Four Seasons 105 hotels or resorts were not compromised by this incident.

What Information was Involved

The unauthorized party was able to access payment card information for certain hotel reservation(s), including cardholder name; payment card number; card expiration date; and, potentially, card security code. The unauthorized party was also able, in some cases, to access certain information such as guest name, email, phone number, address, and other information. Information such as Social Security, passport, or driver's license number was not accessed.

What Sabre is Doing

Sabre has engaged a leading cybersecurity firm to support its investigation. Sabre also notified law enforcement and major credit card brands about this incident so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used.

What Affected Individuals Can Do

Affected individuals should remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity. If there is any suspicious or unusual activity on accounts, affected individuals should report it immediately to their financial institutions, as major credit card companies have rules that restrict them from requiring payment for fraudulent charges that are timely reported.

For More Information

Four Seasons is working closely with Sabre to ensure Four Seasons guests are notified in a timely manner and provided with appropriate information. Guests with available email or mailing addresses have been sent notification of this incident commencing on July 6, 2017.

For further questions regarding this incident or to determine whether your reservation has been impacted, please call the dedicated toll-free response line at 800-442-8960 (U.S. and Canada) and 503-520-4461 (international). This response line is staffed with professionals familiar with Sabre's data security incident and knowledgeable on what affected individuals can do to protect against misuse of their information. The response line is available 24 hours a day, Monday through Friday, with voicemail available outside of those hours. Translation services are available at the response line.

For additional information visit

The above is a news release written by a third party. While HNN’s editorial mission is to produce unique content, it occasionally publishes timely, newsworthy news releases to complement in-house reporting efforts. All news releases are clearly marked as such. For questions and clarification, please contact Editor-in-Chief Stephanie Ricca at 

No Comments

Comments that include blatant advertisements or links to products or company websites will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff.