Hotel chains and travel technology companies are increasingly vulnerable to cyberattacks. They are key targets because of the amount of sensitive data and customer information that flows through them. Another reason is the frequent use of personal devices such as smartphones and laptops in hotel rooms. This increasing use of devices also makes hotels a prime target for cyber hackers.
A short list of recent issues illustrates the challenges facing the hotel industry. And these are just some of the high-profile cases. The actual number is probably much higher. Even if you’re an optimist, it’s hard to ignore the scale of the problem – predictions made in 2018 state that over 33 billion records will be stolen by cybercriminals in 2023 alone. And if you look at recent attempts, it may well be coming true.
In December 2022, a ransomware gang The Play took responsibility for a cyberattack on H-Hotels Germany that led to communications outages.
In November 2022, Sonder learned of an unauthorised access to one of its systems that contained certain guest data.
In September 2022, hackers told the BBC that they had carried out a destructive cyberattack on Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun”.
Between May and July 2022, Shangri-La disclosed that “a sophisticated threat actor” had undetected bypassed IT ‘s security monitoring systems and illegally gained access to guest databases.
If you go further back the Marriott/Starwood breach took place sometime in 2014, but it wasn’t discovered until 2018, when an internal security tool caught a suspicious attempt to access the internal guest reservation database.
According to a survey conducted by Travel Technology Xchange (TTX), only one in five hotels has a formal policy for dealing with cybersecurity threats.
It’s not just hotel chains that are vulnerable. Booking.com was breached in 2018 when phone scammers targeted 40 employees of various hotels in the United Arab Emirates to obtain login details for the Booking.com extranet and gain access to several thousand guest profiles. Expedia’s Orbitz was hacked in 2017, resulting in the loss of customers’ credit card data.
Lithuanian startup Nord Security has become a Unicorn after a €91.6 million funding round in April 2022 that took its valuation to over €1.4 billion.
With customer data and identity theft at a premium, hacking customers’ credit card details is one of the biggest risks to a hotel’s security and reputation. Network security upgrades and staff training are critical here.
Expect to see more developments and companies working to offer improved products and higher levels of cyber security, but ultimately hotel companies need to be prepared with a formal policy, approach and processes while ensuring careful selection of robust distribution technology partners.