Both incidents appear to have been linked to a third-party reservation platform, SynXis, which only begun informing client hotels of the security breach in June, months after the attacks took place.
Hard Rock Hotels & Casinos issued a statement informing customers of the data breach last week, which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system.
The hotel chain, which operates 176 cafes, 24 hotels and 11 casinos in 75 countries, said SynXis, the backbone infrastructure for reservations made through hotels and travel agencies, provided the avenue for data theft and the exposure of customer information.
"The unauthorized party first obtained access to payment card and other reservation information on August 10, 2016," the hotel chain said. "The last access to payment card information was on March 9, 2017."
More at ZDNet....