Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information . Both incidents appear to have been linked to a third-party reservation platform , SynXis , which only begun informing client hotels of the security breach in June , months after the attacks took place . Hard Rock Hotels & Casinos issued a statement informing customers of the data breach Attack.Databreach last week , which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system . The hotel chain , which operates 176 cafes , 24 hotels and 11 casinos in 75 countries , said SynXis , the backbone infrastructure for reservations made through hotels and travel agencies , provided the avenue for data theft Attack.Databreach and the exposure Attack.Databreach of customer information . `` The unauthorized party first obtained access Attack.Databreach to payment card and other reservation information on August 10 , 2016 , '' the hotel chain said. `` The last access Attack.Databreach to payment card information was on March 9 , 2017 . '' Hard Rock Hotel & Casino properties in Biloxi , Cancun , Chicago , Goa , Las Vegas , Palm Springs , Panama Megapolis , Punta Cana , Rivera Maya , San Diego and Vallarta are all affected . According to Sabre , an `` unauthorized party gained access Attack.Databreach to account credentials that permitted unauthorized access Attack.Databreach to payment card information , as well as certain reservation information '' for a `` subset '' of reservations . The attacker was able to grab Attack.Databreach unencrypted payment card information for hotel reservations , including cardholder names , card numbers , and expiration dates . In some cases , security codes were also exposed Attack.Databreach , alongside guest names , email addresses , phone numbers , and addresses . In May , Sabre said an investigation into a possible breach was underway . In a quarterly SEC filing , the company said , `` unauthorized access has been shut off , and there is no evidence of continued unauthorized activity at this time . '' While Sabre has not revealed exactly how the system was breached , the company has hired third-party cybersecurity firm Mandiant to investigate . Loews Hotels also appears to be a victim of the same security failure . According to NBC , Sabre was also at fault and cyberattackers were able to slurp Attack.Databreach credit card , security code , and password information through the booking portal . In some cases , email addresses , phone numbers , and street addresses were also allegedly exposed Attack.Databreach . According to Sabre , its software is used by roughly 36,000 hotel properties . `` Not all reservations that were viewed included the payment card security code , as a large percentage of bookings were made without a security code being provided , '' Sabre said in a statement . `` Others were processed using virtual card numbers in lieu of consumer credit cards . Sabre has notified law enforcement and the credit card brands as part of our investigation . '' If you stayed in one of these properties on the dates mentioned above , you may be at risk of identity theft should the attackers choose to sell their stolen cache of data . Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notify their bank of any stolen activity . However , no compensation has yet been made available . These hotel chains are far from the only ones that have suffered a data breach Attack.Databreach in recent years . Back in April , InterContinental admitted that a data breach Attack.Databreach first believed to be isolated to 12 properties actually harmed roughly 1,200 , resulting in the exposure Attack.Databreach of customer credit card data .

Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information . Both incidents appear to have been linked to a third-party reservation platform , SynXis , which only begun informing client hotels of the security breach in June , months after the attacks took place . Hard Rock Hotels & Casinos issued a statement informing customers of the data breach Attack.Databreach last week , which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system . The hotel chain , which operates 176 cafes , 24 hotels and 11 casinos in 75 countries , said SynXis , the backbone infrastructure for reservations made through hotels and travel agencies , provided the avenue for data theft Attack.Databreach and the exposure Attack.Databreach of customer information . `` The unauthorized party first obtained access Attack.Databreach to payment card and other reservation information on August 10 , 2016 , '' the hotel chain said. `` The last access Attack.Databreach to payment card information was on March 9 , 2017 . '' Hard Rock Hotel & Casino properties in Biloxi , Cancun , Chicago , Goa , Las Vegas , Palm Springs , Panama Megapolis , Punta Cana , Rivera Maya , San Diego and Vallarta are all affected . According to Sabre , an `` unauthorized party gained access Attack.Databreach to account credentials that permitted unauthorized access Attack.Databreach to payment card information , as well as certain reservation information '' for a `` subset '' of reservations . The attacker was able to grab Attack.Databreach unencrypted payment card information for hotel reservations , including cardholder names , card numbers , and expiration dates . In some cases , security codes were also exposed Attack.Databreach , alongside guest names , email addresses , phone numbers , and addresses . In May , Sabre said an investigation into a possible breach was underway . In a quarterly SEC filing , the company said , `` unauthorized access has been shut off , and there is no evidence of continued unauthorized activity at this time . '' While Sabre has not revealed exactly how the system was breached , the company has hired third-party cybersecurity firm Mandiant to investigate . Loews Hotels also appears to be a victim of the same security failure . According to NBC , Sabre was also at fault and cyberattackers were able to slurp Attack.Databreach credit card , security code , and password information through the booking portal . In some cases , email addresses , phone numbers , and street addresses were also allegedly exposed Attack.Databreach . According to Sabre , its software is used by roughly 36,000 hotel properties . `` Not all reservations that were viewed included the payment card security code , as a large percentage of bookings were made without a security code being provided , '' Sabre said in a statement . `` Others were processed using virtual card numbers in lieu of consumer credit cards . Sabre has notified law enforcement and the credit card brands as part of our investigation . '' If you stayed in one of these properties on the dates mentioned above , you may be at risk of identity theft should the attackers choose to sell their stolen cache of data . Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notify their bank of any stolen activity . However , no compensation has yet been made available . These hotel chains are far from the only ones that have suffered a data breach Attack.Databreach in recent years . Back in April , InterContinental admitted that a data breach Attack.Databreach first believed to be isolated to 12 properties actually harmed roughly 1,200 , resulting in the exposure Attack.Databreach of customer credit card data .

An unsecured Kubernetes container management console allowed cyber-attackers to breach Attack.Databreach a Tesla cloud account that contained sensitive data , including telemetry data from the company ’ s electric cars , according to a report by security company RedLock . Details about Tesla cloud account breach Attack.Databreach where included in RedLock report as an example of the cyber-security threats face enterprises that store sensitive data and run important business applications on cloud services . RedLock ’ s Cloud Security Intelligence team found that the Tesla breach Attack.Databreach resulted from the exposure Attack.Databreach of Amazon Web Services security credentials after hackers penetrated Attack.Databreach Tesla ’ s Kubernetes console , which was not password protected This led to the exposure Attack.Databreach of the company ’ s Amazon S3 cloud account , which contained sensitive data including the Tesla vehicle telemetry . What was most remarkable about the CSI report was that the problems that affect on premises infrastructure are the same ones that affect cloud infrastructure . The difference is that most organizations have learned over the years to provide at least some level of protection for their on premises infrastructure and assets . Unfortunately , it appears that the same isn ’ t true of their cloud resources . Part of the problem , it appears , comes from a lack of familiarity with managing cloud services . But security for those services does exist is readily available . Amazon , for example regularly sends out emails to AWS users explaining what security measures , products and services are available for its cloud environments . Unlike private , on-premises environments , the public cloud is just that—public . That means it can be accessed by anyone , including an attacker that possesses the credentials that can enable access from anywhere . What that means is that access security is even more important , because you have no means of preventing a criminal from trying to gain access . But it also means that monitoring your cloud environment is just as important as your on premises physical environment . Monitoring at least provides a way to find an attacker that ’ s gotten past your access controls . The CSI team also recommends a “ deny all ” setting on your firewall for outbound cloud traffic , and setting your cloud so that configuration changes are automatically reported . The key here is to remember that while the cloud provider can play a role in helping ensure your cloud is secure , they can ’ t do it alone . It ’ s your part of the cloud , your data , and you ’ re paying for those computing assets . It ’ s your job to make sure they ’ re secure .

An unsecured Kubernetes container management console allowed cyber-attackers to breach Attack.Databreach a Tesla cloud account that contained sensitive data , including telemetry data from the company ’ s electric cars , according to a report by security company RedLock . Details about Tesla cloud account breach Attack.Databreach where included in RedLock report as an example of the cyber-security threats face enterprises that store sensitive data and run important business applications on cloud services . RedLock ’ s Cloud Security Intelligence team found that the Tesla breach Attack.Databreach resulted from the exposure Attack.Databreach of Amazon Web Services security credentials after hackers penetrated Attack.Databreach Tesla ’ s Kubernetes console , which was not password protected This led to the exposure Attack.Databreach of the company ’ s Amazon S3 cloud account , which contained sensitive data including the Tesla vehicle telemetry . What was most remarkable about the CSI report was that the problems that affect on premises infrastructure are the same ones that affect cloud infrastructure . The difference is that most organizations have learned over the years to provide at least some level of protection for their on premises infrastructure and assets . Unfortunately , it appears that the same isn ’ t true of their cloud resources . Part of the problem , it appears , comes from a lack of familiarity with managing cloud services . But security for those services does exist is readily available . Amazon , for example regularly sends out emails to AWS users explaining what security measures , products and services are available for its cloud environments . Unlike private , on-premises environments , the public cloud is just that—public . That means it can be accessed by anyone , including an attacker that possesses the credentials that can enable access from anywhere . What that means is that access security is even more important , because you have no means of preventing a criminal from trying to gain access . But it also means that monitoring your cloud environment is just as important as your on premises physical environment . Monitoring at least provides a way to find an attacker that ’ s gotten past your access controls . The CSI team also recommends a “ deny all ” setting on your firewall for outbound cloud traffic , and setting your cloud so that configuration changes are automatically reported . The key here is to remember that while the cloud provider can play a role in helping ensure your cloud is secure , they can ’ t do it alone . It ’ s your part of the cloud , your data , and you ’ re paying for those computing assets . It ’ s your job to make sure they ’ re secure .