Investigators have linked the same China-backed group that stole US government personnel records to a more recent attack on travel booking company Sabre, which may also have affected American Airlines, according to a Bloomberg report.
Sabre, based in Southlake, Texas, acknowledged its systems were recently breached, but said it had not yet determined whether sensitive data had been affected.
“At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing,” Sabre said in a statement.
Sabre is one of the world’s largest travel booking systems, and says it has data on more than one billion travellers per year. The incident hasn’t previously been reported, according to Bloomberg.
American Airlines, which spun Sabre into a separate firm in 2000 and still shares some IT infrastructure with it, said it was investigating whether the attack on Sabre also affected its own systems, but said it had so far found no evidence of a breach of sensitive data.
“American has worked with outside cyber security experts who checked digital signatures, IP addresses and the style of attack, and there’s no evidence to suggest a breach similar to that experienced by the U.S. Office of Personnel Management,” American stated.
Forensic evidence suggests that the incident was carried out by the same group responsible for a wave of attacks aimed at stealing sensitive data that could be used for espionage purposes, according to a report by Bloomberg, which cited three people with knowledge of the investigation.
That group, which investigators have said is linked to the Chinese government, has been tied to recent attacks on the US government’s Office of Personnel Management (OPM), as well as health insurer Anthem, United Airlines and a number of other targets that handle large amounts of personal data. Security experts have said the data targeted could be used to build profiles on individuals involved in US government or espionage activities and to track US contacts with Chinese nationals.
According to researchers, the group in question, called “Deep Panda” by IT security firm CrowdStrike, is distinct from the Chinese military hacking groups that have been accused of other US data attacks. While little is known about it, it appears to be affiliated with China’s Ministry of State Security, which focuses on internal government stability, counter-intelligence and monitoring dissidents, they have said.
US director of national intelligence James Clapper said in June that China was “the leading suspect” in the OPM attack, the first time the US government had publicly acknowledged its suspicions of China.
The Chinese government has denied it was behind the OPM attack, calling speculations about its involvement “irresponsible and unscientific”.