Ransomware gang Dunghill Leak has claimed responsibility for a cyber attack against travel booking company Sabre.
Dunghill claimed in a post on its dark web data leaks site that it had stolen 1.3 terabytes of data from Sabre, including corporate financial information, passenger turnover and ticket sales data, and personal employee information.
The ransomware gang validated its claims by sharing a portion of the stolen data, promising that the rest of the data will be “available soon”. The supplied screenshots show that the employee information allegedly stolen includes employee email addresses, work locations, names, nationalities, passport and visa numbers and even certain employees’ US I-9 forms. Many of the passports supplied were confirmed to belong to current Sabre employees, including a vice president.
Sabre has said it is investigating the group’s claims of a cyber attack. Sabre spokesperson Heidi Castle told technology news site TechCrunch: “Sabre is aware of the claims of a data exfiltration made by the threat group and we are currently investigating to determine their validity.”
It is not currently known when or how the data breach took place; however, the screenshots supplied by Dunghill imply that it occurred around July 2022.
What is ransomware?
Ransomware is a type of malicious software that, after infecting a device, encrypts the data on it. This means that the owner or user of the device is unable to access any of the data held on it. Malicious actors are then easily able to extort ransomware victims by demanding payment to decrypt the files and restore safe access to them.
This can cause a large amount of disruption both to individuals and to businesses, as it completely halts business processes until the ransomware is removed, whether this is through taking the device offline or paying the ransom. Ransomware can also spread across a network, impacting all devices used by a company or organization.