A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation’s air-travel system, say people familiar with investigations of the attacks.
Sabre Corp., which processes reservations for hundreds of airlines and thousands of hotels, confirmed that its systems were breached recently, while American Airlines Group Inc., the world’s biggest carrier, said it is investigating whether hackers had entered its computers.
Both companies were hacked as part of the same wave of attacks that targeted insurer Anthem Inc. and the U.S. government’s personnel office, according to three people with knowledge of the cybersecurity probes. The investigators have tied those incursions to the same China-backed hackers, an assessment shared by U.S. officials, the people said.
The latest incidents, which haven’t previously been reported, are the broadest yet on the U.S. travel industry, emerging a week after security experts attributed an attack on United Airlines, the world’s second-largest carrier, to the same group.
The plundered information would add to a trove already believed to include personal and employment details from background checks on millions of government employees and contractors, as well as medical histories. A foreign government could use the data to build profiles of U.S. officials and contractors, establishing information that could be used to blackmail them into providing intelligence. A government could also track the travel of U.S. officials and workers to detect military or intelligence operations, or compare their movements with those of its own citizens.
The American and Sabre incidents are consistent with the hacks of the U.S. Office of Personnel Management, the people familiar with the probe said. American was provided with Internet Protocol addresses used by the OPM hackers, which matched activity found in the carrier’s computer logs, one person said.
American spokesman Casey Norton said the Fort Worth, Texas- based airline is looking into the possibility that hackers entered its systems but hasn’t confirmed an intrusion. “Based on our deep and extensive investigations with the help of outside cybersecurity experts, American has found no evidence that our systems or network have experienced a breach like those at OPM or Anthem,” he said.
“We are working closely with our partners to further investigate,” Norton said, adding that the company takes cyber threats seriously and goes “above and beyond any notification requirements.”
Sabre said it had “recently learned of a cybersecurity incident” and was investigating but couldn’t say what data may have been stolen or who it believed was responsible.