Hotels and hospitality businesses rank among the three industries most targeted by hackers around the world, and they are suddenly feeling the effects of rising cybercrime rates.
Despite being bricks-and-mortar enterprises, they are considered one of the richest mines for data by hackers looking to utilise the data for nefarious purposes. Even before the global Covid-19 pandemic placed the hotel and leisure industry into full closure, the hotel industry was suffering 13% of cyber compromises – just shy of the retail and financial services sectors in the percentage rankings.
Whilst the hotel industry was struggling to pull itself through the pandemic aftermath, and with increasing staff shortages, many businesses turned their attention to the increasing need for technology to replace the face-to-face service they relied on. Check-in and onsite payments became a new normal – but also the biggest problem.
The hospitality sector has always been considered a personal service, with technology only recently being used to support it. In-person conversations and telephone enquiries are now being replaced with virtual chat exchanges, with three times as many messages sent per guest post-Covid in this new normal.
To seal the new normal expectation, the US committee department issued its first set of guidelines in 2021 for how hotels will secure customer data and critical software systems.
At the same time, authorities monitoring Covid’s spread have required more data from the hotel sector, such as guest contact details and health status. This potentially makes travel the biggest data grab of all time as hackers view international hotel chains and their huge volumes of transactions as an easy win.
Hotel chains that run valuable loyalty schemes, with millions of members who freely give up their data to earn points and improve their stay prospects, will also be a major target for miners.
The most high-profile cyber incident in recent history was the 2014 breach of Starwood’s database, which happened just before the group was purchased by the world’s biggest hotel group, Marriott.
The hack was discovered after the deal was completed and resulted in the exposure of half a billion customers. Marriott was subsequently fined £18.4mn by the new GDPR acting on behalf of the EU – which was still less than the originally proposed £99mn fine.
Luxury hotel chains are the ultimate temptation for cybercriminals, as shown by the targeting of London’s Ritz hotel chain in August 2020. Hackers targeted the hotel restaurant reservation system to get guests to enter personal information and payment details.
Hotel data sets are legendary in their volumes, which requires extra data retention procedures to be up to scratch. Hotels have pushed more and more data storage towards external holders such as Amazon Web Services or Oracle – a move that means systems are being overseen by software experts.