It is inevitable that you will have to share sensitive personal information, including your name, address, and payment details to book a luxury hotel stay, but are you aware of recent data breaches?
When planning a trip to a luxury hotel for work or leisure, the risks of sharing your personal details are probably at the back of your mind. The problem is that data breaches in the hospitality industry aren’t uncommon.
Read on to find out about five luxury hotels that have had data breaches and what you should know about them. This way, you can make an informed decision if you’ve been affected.
In 2018, Marriott announced that hackers had attempted to access its guest reservation database of 300 million people. Then, in March 2020, the hotel chain posted an announcement that an unexpected amount of guest information had been accessed using the login credentials of two employees. This turned out to be the data of a further 5.2 million guests.
The UK’s data privacy watchdog has fined the Marriott Hotels chain £18.4m for a major data breach because the company failed to put appropriate safeguards in place. However, it was acknowledged that Marriott had improved since then.
Data obtained by hackers in the Marriott data leak included names, phone numbers, passport numbers, and, more worryingly, credit card numbers (in an encrypted form). That said, it also included decryption keys stored in the same server as the credit card numbers!
Marriot went on to launch a web portal where users could check if their data had been accessed. You can read more about the Marriot data breach here.
2. MGM Resorts International
Marriott wasn’t unlucky and is just one of the many data breaches in the hospitality industry. In July 2019, data from MGM was leaked and published on a hacking forum. This included personal data from 10.6 million consumers who stayed at one of the MGM resorts.
Data that was breached included home addresses, drivers’ licenses, military ID cards, and passport numbers. The hospitality industry sits on a hotbed of valuable data which means it is an ideal database for hackers.
3. The Ritz London
The Ritz London launched an investigation into a potential breach that affected its food and beverage reservation system. They added that compromised data did not include any payment details, thankfully, and they swiftly notified all affected parties.
Although no payment details were taken, their ruse was very sophisticated and believable. They even copied the hotel’s official number, posed as hotel staff, and contacted guests who had a reservation. They then asked guests to “confirm” their bookings by providing their payment card details!
The scammers got through to one guest and informed her that their card was declined and requested she provided details of an alternative card and went on to spend over £1,000. They then called the guest again, pretending to be their bank, when the payment needed authorizing asking for the security code which they stated would cancel the transaction.
Fraudsters are getting more and more sophisticated. Therefore, it’s so important to never give your payment details out to anyone, especially if something seems slightly off about it. Make sure to call an official number of your bank if you are worried about any transactions or communication.
4. Choice Hotels International
Customers of Choice Hotels International were victims of a data breach through a browser error that repopulated information to another place when the page reloaded. Data breached included payment details, names, and email addresses.
Once Choice Hotels International identified the problem, they made changes to their website and how it responds to browsers. However, approximately 700,000 guests were exposed.
Overall, this issue occurred approximately 88,000 times from June 2015 through 12 November 2019. Choice later stated that their servers were not accessed.
5. Prestige Software
It’s not just hotels themselves at risk, but third-party hotel booking sites are also targeted.
Prestige software is a hotel reservation platform used by Hotels.com. Booking.com and Expedia. With sensitive information dating back as far as 2013, it was found that Prestige Software had been storing years of hotel guest and travel agent data without any protection in place. In total, over ten million data files were exposed.
As a result of the breach, Prestige Software could face GDPR action after it failed to follow the strict rules set out within the legislation, which includes a requirement to report the breach within 72 hours. The company could be fined about £18 million or 4 percent of annual global turnover.
Additionally, Sabre Hospitality Solutions announced that multiple hotel companies under them, including Hard Rock Café Hotels, Four Seasons Hotels and Resorts, Trump Hotels, and Club Quarter hotels, had been victims of a data breach.
Similarly, Expedia disclosed that around 880,000 payment card details had been impacted by a security breach in 2016 – 2017.
How to Avoid a Hospitality Data Breach
Despite these breaches, you can still visit your favorite hotel! There are just some simple steps you can take to reduce your risk or the impact of having your data stolen. These include:
- Experts recommend that consumers put a freeze on their credit reports to stop anyone from taking out a credit card or loan in their name if they have been a victim of a data breach.
- Regularly changing your passwords.
- Setting up credit monitoring if you do not have it already set up.
- Practicing good cybersecurity habits, such as avoiding clicking on links or opening attachments in emails, especially when you don’t know the sender.
- Keeping a record of your response so you are prepared if you file a lawsuit.
As well as the above, InterContinental Hotels Group, Wyndham Worldwide, Drury Hotels, Radisson Hotel Group, Huazhu Hotels Group, Hyatt Hotels Corporation, and Hilton have all suffered data breaches, so it’s important to stay alert and up to date with the latest news.
Been Victim to a Luxury Hotel Data Breach
Being victim to a data breach can be a stressful and worrying time, and there can be serious consequences. So, make sure you know your rights. Making a claim for a data breach can be a simple and straightforward process if you choose the right solicitor. The National Cyber Security Centre has some further advice.
If you have been a victim of a luxury hotel data breach and have some advice, please let us know in the comments below.