Google sent notification letters to a number of employees about the data breach. It mentioned that their names, contact information and payment card data may have been affected.
“This did not affect Google’s systems. However, this incident impacted one of the travel providers used by Googlers, Carlson Wagonlit Travel (CWT).” Statement reads.
CWT and Google were not breached. The report suggests that it was fourth party data breach. Google was working with third-party vendor CWT who was using Sabre’s SynXis CRS.
“CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travellers were affected,” the company mentioned.
According to the reports, the attacker gained access to some of CWT’s hotel reservations made through Sabre’s SynXis CRS.
“However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific inforamtion associated with every affected reservation,” Google noted.
CyberGRX CEO Fred Kneip emailed eSecurity Planet that it is difficult to determine which vendors can cause a data breach.
“A company the size of Google, whose reputation depends in large part on its ability to keep data secure, has thousands of third parties in its digital ecosystem,” Kneip said. “Attackers are clearly focused on the weakest links within those ecosystems — third parties like HVAC vendors and travel agencies — in order to do real damage.”
A recent Bomgar survey of 608 IT professionals shows that an average of 181 vendors are provided access to a company network.
“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.
“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.
____________________________________________________________________________________________
Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.