Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Many hotels accidentally leak guests' personal data: Symantec

Reprints
Cyber Risks Emerging Risks Technology More + Less -
Symantec

(Reuters) — Two out of three hotel websites inadvertently leak guests' booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp. on Wednesday.

The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International Inc. disclosed one of the worst data breaches in history.

Symantec said Marriott was not included in the study.

Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cyber criminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.

"While it's no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether," said Candid Wueest, the primary researcher on the study.

The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.

Mr. Wueest said 25% of data privacy officers at the affected hotel sites did not reply to Symantec within six weeks when notified of the issue, and those who did took an average of 10 days to respond.

"Some admitted that they are still updating their systems to be fully GDPR-compliant," Mr. Wueest said, referring to Europe's new privacy law, or the General Data Protection Regulation, which took effect about a year ago and has strict guidelines on how organizations should deal with data leakage.

 

 

 

 

Read Next

  • Marriott cuts estimate on size of massive Starwood hack

    (Reuters) — Marriott International Inc. on Friday said fewer than 383 million customer records were stolen in a massive cyberattack disclosed last month, down from its initial estimate that up to 500 million guests were affected.

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.