A number of employees at Google have been warned that some of their personal information may have been compromised because of a third party data breach.
Sabre Hospitality Solutions is a platform allowing users to plan trips and book hotels through their site. Sabre developed the SynXis Central Reservation System to allow guests, hotels and travel agencies from all over the world to book travel and accommodation through the unified service.
Google uses Calson Wagonlit Travel as the middle-man to arrange work-related trips for its employees. Unfortunately, Sabre’s database was hacked, meaning personal information belonging to Google’s recently travelled employees may have been compromised.
Employees notified
Google notified affected employees with a letter detailing the breach, the risks they may be exposed to and advice on how to mitigate any harm caused. The hacker who breached Sabre’s database reportedly obtained employee contact details and payment card information.
Sabre and its IT department are said to be working hard to pinpoint when the hacker managed to get in. It’s believed that access has occurred multiple times between 10th August 2016 and 9th March 2017. As Sabre deletes reservation information after 60 days, it may be difficult to determine exactly which employees are affected and exactly what information was compromised.
Google offers employees security monitoring
Google has offered affected employees two years of free cyber-security monitoring to check for things like identity theft and unauthorised bank transactions. This seems to be the common procedure between companies when employees have had personal information wrongfully exposed. Whilst the breach didn’t happen inside Google, they can’t just sidestep the blame. As a data controller, Google not only has an obligation to make sure the information they hold and use is secure against breaches, but they also need to properly vet third parties to ensure their security measures are good enough before sharing information with them.
Not the first time…
This isn’t the first time Google employees have been put at risk because of a third party breach. Last May, some Google employees were informed that a third-party benefits vendor accidentally sent sensitive information to the wrong recipient. In that incident, employee names and social security numbers were compromised.
We know more needs to be done to protect against data crimes
In a world where so many things are digitalised, we can’t be so naive to expect that our information is watertight. Leaks can happen through many channels like an unsecured online retailer or an organisation which doesn’t encrypt its databases… It all leads to personal information floating around – mostly in the “dark web”.
Like pieces of a puzzle… it might be your name or email address or info that informs you have a preference for buying blue trousers, or that you recently switched internet providers or even partial bank details… Fraudsters can harvest it all together allowing them to complete your ‘profile’ and plan their attack.
With the accumulation of information, cyber criminals and fraudsters can commit acts of identity theft or contact you under false pretences to try and scam you out of money.