Choice Hotel Data Breach Affects up To 700,000 Customers

August 29, 2019

Written by wukovits

Recently, an independent researcher named Bob Diachenko worked collaboratively with Comparitech. They discovered an unsecured database containing nearly 700,000 hotel records belonging to Choice Hotels.  Unfortunately, although Diachenko reported his finding to the company, hackers had beaten him to the punch and had already downloaded the file. They are now demanding a ransom for its return.

An investigation into the matter is ongoing. A spokesman for Choice Hotels reported that the bulk of the file consisted of test information, including dummy payment card numbers, passwords and populated reservation fields.  They did confirm, however, the presence of some 700,000 genuine guest records and included names, addresses and phone numbers.

The hackers left a ransom note in the database, demanding 0.4 Bitcoin for the safe return of the data.  Based on recent prices, that amounts to about $4,000. Assuming the company decides to pay and assuming the hackers keep their word, that is a small price to pay given the number of compromised records.

Choice Hotels reported that the database was exposed when a third-party vendor accessed it as part of a proposal to provide a tool.  Due to the lapse in security, Choice Hotels has decided not to work with that vendor again.

Their announcement about the incident reads, in part, as follows:

“We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature… We are also establishing a Responsible Disclosure Program and we welcome Mr. Diachenko’s assistance in helping us identify any gaps.”

This lukewarm response to the incident has done little to ease the concerns of Choice Hotels’ customers. To this point, no notifications have been sent out to customers whose data has been compromised.  If you stay at Choice Hotels when you travel, be mindful that you may be receiving targeted phishing emails and that your payment card information may have been compromised.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.