
China-Backed Group Accused Of Travel Booking Breach

Investigators have linked the same China-backed group that stole US government personnel records to a more recent attack on travel booking company Sabre, which may also have affected American Airlines, according to a Bloomberg report.

Sabre, based in Southlake, Texas, acknowledged its systems were recently breached, but said it had not yet determined whether sensitive data had been affected.

Travel data at risk

“At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing,” Sabre said in a statement.

Sabre is one of the world’s largest travel booking systems, and says it has data on more than one billion travellers per year. The incident hasn’t previously been reported, according to Bloomberg.

American Airlines, which spun Sabre into a separate firm in 2000 and still shares some IT infrastructure with it, said it was investigating whether the attack on Sabre also affected its own systems, but that it has so far found no evidence of a breach of sensitive data.

“American has worked with outside cyber security experts who checked digital signatures, IP addresses and the style of attack, and there’s no evidence to suggest a breach similar to that experienced by the U.S. Office of Personnel Management,” American stated.

China-backed group

Forensic evidence suggests that the incident was carried out by the same group responsible for a wave of attacks aimed at stealing sensitive data that could be used for espionage purposes, according to a report by Bloomberg, which cited three people with knowledge of the investigation.

That group, which investigators have said is linked to the Chinese government, has been tied to recent attacks on the US government’s Office of Personnel Management (OPM), as well as health insurer Anthem, United Airlines and a number of other targets that handle large amounts of personal data. Security experts have said the data targeted could be used to build profiles on individuals involved in US government or espionage activities and to track US contacts with Chinese nationals.

The group in question, called “Deep Panda” by IT security firm CrowdStrike, is distinct from the Chinese military hacking groups that have been accused of other US data attacks. While little is known about it, it appears to be affiliated with China’s Ministry of State Security, which focuses on internal government stability, counter-intelligence and monitoring dissidents, researchers have said.

China ‘leading suspect’

US director of national intelligence James Clapper said in June that China was “the leading suspect” in the OPM attack, the first time the US government had publicly acknowledged its suspicions of China.

The Chinese government has denied it was behind the OPM attack, calling speculation about its involvement “irresponsible and unscientific”.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
