On December 23, 2020, 26 state attorneys general reached a $2.4 million settlement agreement with travel technology company Sabre Corporation over a 2017 data breach within Sabre’s hotel booking system, which exposed the credit card information of nearly 1.3 million travelers between August 2016 and March 2017.
Under the settlement, Sabre must develop “a comprehensive information security program,” maintain “a written incident response and data breach notification plan,” and “undergo a third-party security assessment.”