A newly emerging ransomware group, known as Dunghill Leak, has declared that it is behind the recent cyberattack on Sabre, a global travel booking giant.
The group has asserted responsibility for the breach, claiming to have exfiltrated approximately 1.3 terabytes of sensitive data, which includes databases related to ticket sales, passenger information, employee records, and corporate financial data.
TechCrunch reported that Dunghill Leak made this claim on its dark web leak site, where it disclosed the extent of the data breach. The group alleges to have obtained databases containing information on ticket sales, passenger turnover, as well as personal data of Sabre employees.
Sabre spokesperson Heidi Castle responded to these claims, stating, “Sabre is aware of the claims of data exfiltration made by the threat group, and we are currently investigating to determine their validity.”
The ransomware group has posted a portion of the stolen files on its leak site and has threatened to make the entire cache “available soon.”
Screenshots shared by Dunghill Leak reveal database names related to booking details and billing, indicating the potential compromise of tens of millions of records. However, it remains uncertain whether the hackers actually accessed the databases themselves.
Additionally, employee records were among the exposed data. Screenshots included employee names, nationalities, passport numbers, and visa numbers.
The exact date of the alleged breach remains unknown, but screenshots posted by the ransomware group show data as recent as July 2022.
Notably, Dunghill Leak has previously claimed responsibility for cyberattacks on various organizations, including American designer and manufacturer Incredible Technologies, food giant Sysco, and Gentex, an automotive products manufacturer.
Sabre is a widely-used travel reservation system that powers booking and check-in processes for airlines and hotels in the United States.
This incident follows a recent cyberattack on Japanese watchmaker Seiko, where the ransomware gang BlackCat, also known as ALPHV, claimed responsibility. Seiko disclosed the breach in August, citing unauthorized access to a portion of its IT infrastructure and data exfiltration.
The cybersecurity community continues to monitor developments in this incident, with heightened concern over the potential impact on Sabre’s operations and the security of the data compromised during the breach.
