Mar112010

Hotels are #1 Sector for Credit Card Data Breach

Hotels became the most breached sector for credit card data theft in 2009, representing just over a third of all major breaches. This was news to me when I heard hotels were the number 1 target for major data breaches last week. The Westin Bonaventure is the latest hotel location to announce a new credit card data breach. Westin Hotels published an alert Friday, March 5.

In searching for the Westin press release I saw Barbara De Lollis covered the Westin story on Sunday, March 7 and she published an even more comprehensive story on credit card data breaches in hotels last week, “Cybercriminals still consider hotels easy targets for credit card info” on March 2.  Read her stuff. She says this was her most read story for the month.

The Carlson Hotels conference last week had a security session and covered credit card data theft and security actions hotels need to take.  The message I heard is that in most cases it is a relatively easy and inexpensive upgrade at the hotel level to prevent attacks. Carlson offered resource assistance to its hotel members for developing a secure data environment. This was another one of those big picture aspects of hotel travel that I really had not given much thought to in the past. And now more data breach stories are hitting the news since then.

Another aspect of traveling in the global hotel world I guess we need to consider as frequent guests is the security resources a larger company can place in protecting your credit card data. Barbara’s article shares insight of Nicholas Percoco, a data breach investigator with Trustwave.

“Percoco wouldn’t identify hotel clients, but he did suggest that some chains are being more proactive than others in trying to thwart hackers.

“Your larger hotel chains have started to take action,” he said.

“Now where the larger risk probably lies – once the brand names lock up their systems – is with the independent hotels,” Percoco said. “Many don’t have the resources and don’t have centralized staff to help them out.”

Barbara De Lollis, Hotel Check-in “Cybercriminals still consider hotels easy targets for credit card info(March 2, 2010)  

Related Story links:

Hotel Hackers Attack Westin Bonaventure hotel’s restaurants, valet parking networks – Barbara DeLollis, Hotel Check-In, USA Today (March 7, 2010)

Westin is Latest hotel to be Hit by Hackers – Infosecurity (March 8, 2010)

Wyndham Hotels & Resorts Open Letter regarding hacker breach (February, 2010)

Westin Bonaventure Data Security Breach – PR Newswire (March 5, 2010)

Radisson Database Hacked – Infosecurity (August, 2009)

About Ric Garrido

Ric Garrido of Monterey, California started Loyalty Traveler in 2006 for traveler education on hotel and air travel, primarily using frequent flyer and frequent guest loyalty programs for bargain travel. Loyalty Traveler joined BoardingArea.com in 2008.

More articles by Ric Garrido »

Comments

  1. Ric, hi. thanks for the shout out! this is a fascintating issue that deserves our close attention.
    on that note, i’d like to get your take on this (yr readers are welcome to email me, too) … Do you think hotels/chains that improve their networks’ security should tout the fact to consumers — or not? They could tell customers at the front desk or on TV system something like this: “Hotel XYZ has improved its online security to protect your credit card data.” (of course, legal would probably prevent this because if there WAS a breach, then…well, just imagine.)
    i’ll write up a story once i gather enough feedback from travelers.
    cheers, Barbara from Hotel Check-In at bdelolli@usatoday.com

  2. No, hotels shouldn’t do that. My immediate question would be — so what was wrong with your system when I stayed here the last time?

    Credit card companies should crack down on merchants that cause such breaches. E.g., if hotel XYZ is sloppy and causes lots of cards to be compromised, throw them out of the card program. Since credit cards are a must-have for hotels, that’s a great incentive to protect the data. As a consumer I am fairly well protected and “just” have to deal with the hassle of getting the card replaced, signing an affidavid, and maybe changing all my automatic debits to another number. But I am not on the hook for massive charges to my account.

Comments are closed.