Bloomberg recently revealed that Sabre's computer systems had been hacked.
The pattern of the hack is consistent with that of US health insurers and the US government's Office of Personnel Management, so responsibility is being put squarely to a group of hackers with links to China.
A quick scan of online sites suggests that a group connected to an agency of the Chinese government obtained information about individuals for espionage or potential blackmail but this is conjecture and the true culprit and the real objective is not officially known.
That does not, however, stop us looking at possible implications for risk management.
One week after United Airlines revealed that its frequent flyer programme had been hacked, the Bloomberg story reported that Sabre and, through Sabre, its former owner American Airlines (although AA has yet to confirm this officially) had also been hit in the same way at the same time and, presumably, by the same group.
Why are hackers connected with China hacking US travel companies and should travel buyers be concerned?
Continued below
Hackers may well have taken personal information ©scyther5/iStockThe irony that "the Hack" followed Sabre's recent, well-publicised "Hackathon" in London has not been lost.
The Hackathon brought together developers from around the world to develop an app that could transform global travel.
The Hack is transforming how we think of personal data.
It was not that long ago that there were long discussions about who had the right to know what was in a PNR because the knowledge that someone had requested an Asian vegetarian meal might be sufficient for that traveller to be identified as a potential terrorist. This is another layer of concern.
Details of travellers as held in frequent flyer programmes and in Sabre PNRs may now be known by a group or agency in China. These are unlikely to be financial details but they will include personal data such as "‹date of births and passport numbers.
Airlines and those involved in travel management from the GDS to the TMC and corporate travel departments collect personal data for the travellers' convenience — enabling suppliers to deliver their preferences from seating to special meals to simple recognition of regular customers. Suppliers and intermediaries want this data because it is commercially powerful from targeting special offers to informing revenue management departments.
Duty of care means that a company is responsible for the health and safety of its employees and must not expose its travellers to undue risk.
Risk management includes protection of personal data which in the case of United and Sabre and, possibly, American a foreign group is now likely to have At the very least, travel managers need to tell travellers with frequent flyer accounts to change their passwords.
The point is that most of us can't even begin to conceive how important our personal data is, today or in the future.