Symantec Corp released research stating two of three hotel websites that they looked into had unintentionally leaked guest information to third-party sites. The info released from bookings included names, emails, credit card information, and passport numbers. Symantec explained that the information is highly desired by cybercriminals.
Symantec looked into over 1,500 hotel websites in over 50 countries. The research came two months after Marriott International announced a data breach. The hackers in the Marriott breach accessed the reservation systems for Marriott’s Starwood subsidiaries. They were able to receive private information of about 500 million customers. The private details even showed records of travel schedules and who particular people traveled with. The information that was hacked drew speculation that it was done by nation-state hackers trying to gain information on diplomats, high ranked military, and business executives.
According to Symantec, the compromises typically occur when the site sends a confirmation email. The link within that email typically has a reference code that attaches to other service providers like social media outlets, search engines, and marketing services.
Last year, Europe passed the General Data Protection Regulation which strictly enforces guidelines on how companies should handle private information and how to deal with any potential data leaks. Organizations that do not abide by the General Data Protection Regulation could face steep fines.
When information is left at risk for identity theft, it can result in a series of problems in the victim’s name including the opening of bank accounts, credit cards, and lines of credit.
Organizations are trusted with personal information on a daily basis. Are you protected in case of a data breach? Our insurance programs protect you and your business in the event that personal information has been exposed to cyber theft. Contact us today to learn more about a Cyber Liability policy.