Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider (Jun 26, 2018)
A data breach has occurred that affected the hotel booking software company "FastBooking" that has resulted in the theft of Personally Identifiable Information (PII) of guests from hundreds of hotels. The exact number of breach hotels is not currently known. FastBooking sent out an email to affected hotels detailing that a vulnerability in an application hosted on its server was leveraged to install information-stealing malware. The stolen data, depending on the hotel, included hotel guests names, address, email, and hotel booking information. In some cases card payment data was also stolen. FastBooking is providing hotels with templates to email their affected customers. The first hotel chain to inform their customers was "Prince Hotels & Resorts" located in Japan, which affected 124,963 guests who stayed at 82 of its hotels.
Recommendation: Bank accounts and credit card numbers should be protected with the utmost care, and only used with vendors that you trust to keep your information in compliance with the relevant standards. Regular monitoring of financial accounts in addition to identity protection and fraud prevention services can assist in identifying potential theft of data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.