Skip to main content

Many hotels leaking personal guest data

(Image credit: Image Credit: Pavel Ignatov / Shutterstock)

Imagine arriving to your dream destination for the honeymoon to some remote part of the world, only to learn that your reservation had been cancelled.

Who was behind this nefarious deed? Hackers, of course! At least, that's a possible scenario, according to a new cybersecurity report.

Two thirds of hotel websites aren't properly protecting booking details, leaving their customers vulnerable to data theft and tampering, Symantec uncovered today.

The investigation analysed 1,500 hotels in 54 countries, across five continents. These range from two-star locations to luxury, 5-star resorts with a view, and then some.

By taking advantage of this vulnerability, hackers could get their hands on a bunch of different information, including full names, email addresses, but also credit card details and passport numbers.

They could log into victims' reservations, view their personal data and even modify booking details, including cancelling their reservation altogether.

What the report also emphasised is that for some of the hotels, cybersecurity didn't seem to be that big of a priority, regardless of the strict rules imposed upon them by the GDPR.

A quarter of data privacy officers within these organisations, 25 per cent of them, did not reply for five weeks when informed of these findings. Those that did respond, took an average of 10 days to do so.

Some admitted that they're currently in the middle of updating their systems to be more in line with GDPR, which is a bit odd given that GDPR came into force almost a year ago.

Image Credit: Pavel Ignatov / Shutterstock