Are you checking in with Hackers?
The hotel industry has been a prime target for hackers and this trend is likely to continue. So why are cyber attacks so prevelant within this sector?
Volumes of Data
Hotels hold vast quantities of data through many sources such as through their reservation systems for their customers . This will be personally identifiable information that would consist of names, addresss , e-mail addresses and passport details.
On–line Payment Processing
Customers will log-in on a hotel website to make a reservation which will require them to provide debit or credit card details. These details could be compromised in the event of a data breach. Payment transactions can also remain exposed for a while on computer systems which presents further opportunity. In 2017 hotels accounted for 92% of all point of sale intrusions.
The wi-fi in some hotels can be relatively insecure if their cyber security processes and procedures are not as robust as they should be. This can also lead to their data being compromised.
Symantec released a report this week which revealed that 67% of hotel websites surveyed leaked customer’s booking data. This was over 1500 hotel websites in 54 countries , this equates to two in three websites data could be used by third party sites such as advertisers.
Hotels relies on a supply chain which can include a number of contractors, broking and travel agencies . If there is a vulnerability with one of these it is possible that the hotel may be impacted by this causing business interruption or a data loss.
An Attractive Sector
This sector is a target because of the size of the market and the revenue that is generated each year, this provides opportunists threats for cyber criminals and the proliferation of fraud.
Cyber Attacks on the Hotel Industry
There have been a number of high profile cyber attacks on hotels where hackers have sought to steal data or cause disruption to the business.
Marriot International Hotels
This is the largest data breach in this sector but also one of the largest in the world.
500 million guests were exposed to this cyber attack which included names and addresses and passport numbers. The attack emanated from the Starwood guest reservation database with who they had recently merged.Starwood themselves had previously experienced a data breach a number of years earlier.
Hyatt Hotels Corp
Hackers hit the restaurants front desks and parking facilities at 40% of their hotels situated around the world over a four month period.
It is understood that malware was designed to collect cardholder names, numbers and expiration dates.
Access was gained via the payment card system but on this occasion their was no evidence that data was stolen. The systems were in fact attack twice , cardholder details were again the main target.
As with all business that rely heavily on business via on-line transactions their cyber risk is very high and it is important that cyber risk management is a central focus to management.
Image : Shutterstock