There are many examples of data security breaches in hotel chains. One hotel chain, ‘The Marriotts’ reservation system was hacked with an estimated 500Million reservation information stolen. This figure was later reduced to 383Million once the investigation had completed.
‘Those stolen records potentially include; unencrypted names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences.’
The company who provided the reservation service subsequently had its contract terminated. The reservation system was compromised for four years before the discovery. For those who had their identity stolen and replaced their passports was paid for by the hotel chain.
While there is little you can do as a customer to protect your personal information given to a hotel, you assume they will protect this information sufficiently.
Steps to reduce Cyber Risks
Hotel chains can train their staff and dictate the security requirements for Cyber Security to any third party connected to their business.
A Cyber Risk assessment combined with a Cyber resiliency review would have gone a long way to help mitigate the attack, which is more than just an audit. Staff trained in Cyber Security and not just Information Technology would also help reduce the risk.
If you are using the hotel’s Wi-Fi, assume that what you send over the network can be intercepted and monitored as you do not know the level of security applied to that network.
You can use a Virtual Private Network (VPN) to help reduce the risk of eavesdropping your data.
Keep your computer operating systems and software up to date, especially since you do not know if their system is already compromised.
Keep your electronic devices with you and if you must leave your laptop in the room, then put it in the safe. However, remember, all safes have a default backdoor to get into in case the customer forgets their code.
These simple steps will help reduce the risk of compromise.