How Hotels Can Protect Against Data Leakage

The data stolen from Choice Hotels stands as another stark reminder that consumers are right to fear for their privacy until companies recognize their responsibility and invest in people, processes, and tools that can ensure they identify and remediate risk before it can be exploited. 


By Chris DeRamus, co-founder and CTO, DivvyCloud. 8.15.2019

According to reports this week, 700,000 records belonging to Choice Hotels have reportedly been stolen, with hackers demanding payment for their return. Comparitech, in collaboration with security researcher Bob Diachenko, found an unsecured database containing data belonging to the hotel franchise on July 2, 2019, after the database was indexed by the BinaryEdge search engine.

Of course, consumer privacy (or the lack thereof) is a huge societal concern and is manifesting itself through many forms, including regulation like the California Consumer Privacy Act and General Data Protection Regulation.

The data stolen from Choice Hotels stands as another stark reminder that consumers are right to fear for their privacy until companies recognize their responsibility and invest in people, processes, and tools that can ensure they identify and remediate risk before it can be exploited.  Hotels collect highly sensitive information on their guests including copies of passports/IDs, payment information, names, phone numbers, email addresses and more.

As such, cyberattacks aimed at hospitality organizations are on the rise. In the past year, we’ve seen multiple hotel giants suffer from data breaches, such as Marriott’s Starwood Hotels and Pyramid Hotel Group.

The data stolen from Choice Hotels in this incident could be used by cyber criminals to launch sophisticated phishing attacks aimed at the guests’ whose information was compromised, potentially prompting them to unknowingly provide even more sensitive information to the hackers. Most of these breaches are caused by misconfigurations that are exploited by an attacker, and many are from cloud misconfigurations.

To prevent misconfigurations and protect against data leakage, companies should employ automated cloud security solutions that continuously monitor cloud environments for proper security controls and can even trigger automated remediation in real time in the event of a misconfiguration.

Chris DeRamus is the co-founder and Chief Technology Officer of DivvyCloud. He leads DivvyCloud’s technology team and product development.

Are you an industry thought leader with a point of view on hotel technology that you would like to share with our readers? If so, we invite you to review our editorial guidelines and submit your article for publishing consideration.