Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information . Both incidents appear to have been linked to a third-party reservation platform , SynXis , which only begun informing client hotels of the security breach in June , months after the attacks took place . Hard Rock Hotels & Casinos issued a statement informing customers of the data breach Attack.Databreach last week , which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system . The hotel chain , which operates 176 cafes , 24 hotels and 11 casinos in 75 countries , said SynXis , the backbone infrastructure for reservations made through hotels and travel agencies , provided the avenue for data theft Attack.Databreach and the exposure Attack.Databreach of customer information . `` The unauthorized party first obtained access Attack.Databreach to payment card and other reservation information on August 10 , 2016 , '' the hotel chain said. `` The last access Attack.Databreach to payment card information was on March 9 , 2017 . '' Hard Rock Hotel & Casino properties in Biloxi , Cancun , Chicago , Goa , Las Vegas , Palm Springs , Panama Megapolis , Punta Cana , Rivera Maya , San Diego and Vallarta are all affected . According to Sabre , an `` unauthorized party gained access Attack.Databreach to account credentials that permitted unauthorized access Attack.Databreach to payment card information , as well as certain reservation information '' for a `` subset '' of reservations . The attacker was able to grab Attack.Databreach unencrypted payment card information for hotel reservations , including cardholder names , card numbers , and expiration dates . In some cases , security codes were also exposed Attack.Databreach , alongside guest names , email addresses , phone numbers , and addresses . In May , Sabre said an investigation into a possible breach was underway . In a quarterly SEC filing , the company said , `` unauthorized access has been shut off , and there is no evidence of continued unauthorized activity at this time . '' While Sabre has not revealed exactly how the system was breached , the company has hired third-party cybersecurity firm Mandiant to investigate . Loews Hotels also appears to be a victim of the same security failure . According to NBC , Sabre was also at fault and cyberattackers were able to slurp Attack.Databreach credit card , security code , and password information through the booking portal . In some cases , email addresses , phone numbers , and street addresses were also allegedly exposed Attack.Databreach . According to Sabre , its software is used by roughly 36,000 hotel properties . `` Not all reservations that were viewed included the payment card security code , as a large percentage of bookings were made without a security code being provided , '' Sabre said in a statement . `` Others were processed using virtual card numbers in lieu of consumer credit cards . Sabre has notified law enforcement and the credit card brands as part of our investigation . '' If you stayed in one of these properties on the dates mentioned above , you may be at risk of identity theft should the attackers choose to sell their stolen cache of data . Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notify their bank of any stolen activity . However , no compensation has yet been made available . These hotel chains are far from the only ones that have suffered a data breach Attack.Databreach in recent years . Back in April , InterContinental admitted that a data breach Attack.Databreach first believed to be isolated to 12 properties actually harmed roughly 1,200 , resulting in the exposure Attack.Databreach of customer credit card data .

An unknown number of managed service providers and their customers are victims of a massive , global cyber espionage campaign by a China-based threat actor that this week was also fingered in another attack against a U.S. group involved in lobbying around foreign trade policy . News of the campaigns coincides with Chinese President Xi Jinping ’ s first official visit to the U.S. to meet with President Trump . It suggests that cyber-enabled espionage out of China continues to be an issue , despite a September 2015 agreement between the U.S and Chinese governments not to support or engage in such activities . “ Even as IP-focused cyber-espionage has reduced since the Xi Jinping-Obama agreement , big business will continue to be targeted , if nothing else than for the influence they hold over governments , ” warns Hardik Modi , vice president of threat research at Fidelis Cybersecurity . Fidelis was one of the organizations that this week disclosed new cyber espionage activity by APT10 , a well-known China-based advanced threat group that is also known as Stone Panda . The other warning about the APT10 group 's resurgent activity , after a period of relative quiet , came from PwC UK and BAE Systems . According to Fidelis , its security researchers in February discovered a reconnaissance tool called `` Scanbox , '' previously associated with China government-sponsored threat actors , embedded on specific pages of the NFTC site . Among the infected page were those that NFTC board members used to register for meetings . It ’ s unclear how the APT10 group initially breached the site in order to embed Scanbox on it . “ Scanbox is a robust framework that can include a variety of reconnaissance modules , ” Modi says . It can , for instance , be used to determine the software running on a target system , the type and version of antivirus on it , and other details . “ In some instances , it has been known to serve up a JavaScript keylogger that can be used to grab Attack.Databreach credentials that the target enters on the page , ” he says . NFTC members have been major contributors to the dialogue around the new U.S. trade policy framework being developed by the Trump Administration . It is highly likely the APT10 group will use data that Scanbox collected Attack.Databreach to craft targeted attacks against them