This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.  Find out more here  Close
Hotel data breaches the result of basic failures within industry
May 17 2010

Despite hackers’ ability to navigate complex coding and sophisticated firewalls, it’s often the basic, easy-to-correct errors that lead to information security breaches at the property level.

Editor's note: This is the first installment in a five-part series about hotel information data security. Tomorrow's feature will examine ways to strengthen hotel defenses.

REPORT FROM THE U.S.—During late January 2010, Wyndham Hotels and Resorts discovered a hacker had penetrated the computer systems of one of the company’s data centers. That system acted as a gateway, allowing the hacker to access information from separate computing environments at 37 properties. At risk: personal data such as guest names and credit card numbers, expiration dates—and the public’s trust.

Wyndham notified the Secret Service, major payment card brands and attorney generals of different states as required by law. Though the company has not identified any customers whose data appears to have been taken by the intruder, an investigation is still ongoing.

It wasn’t the first time Wyndham experienced an information security breach. The Parsippany, New Jersey-based hotel chain experienced two other attacks during a 12-month span.

Mark Haley
The Prism Partnership


Though the frequency of such attacks generated considerable news coverage, Wyndham was not alone in its susceptibility to information security breaches.

Last fall, Radisson Hotels & Resorts revealed the computer systems of some branded hotels in the United States and Canada were accessed without authorization. Only a few weeks ago, owners of the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach at four hotel restaurants and valet parking operations.

The hotel industry has become a prime target for hackers. A recent report from SpiderLabs, a unit of data-security firm Trustwave, found that 38 percent of its data-breach investigations during 2009 occurred at hotels. The next most targeted sector was financial services with 19 percent of the company’s data-breach investigations.

“The hacker community has identified the hotel industry as a soft spot,” said Mark Haley, partner with hotel-technology consulting firm The Prism Partnership.

A basic failure

Hackers might boast an imposing knowledge of computer systems and their ability to manipulate complex coding illustrates a level of sophistication that surpasses the skills of many an IT professional, but most data breaches are the result of a few basic failures within the hotel industry, Haley said.

“If every hotel manager addressed a couple of basics, specifically regarding default passwords and remote access, a lot of the recent breaches would never have happened,” he said. 

But how could the industry have become so lax, especially at a time when reports and awareness seem to be growing?

One big reason is the recessionary economic climate, said Jeremy Rock, owner of RockIT Group and a member of the Hospitality Financial and Technology Professionals advisory council.

Jeremy Rock
RockIT Group

“You’ve got less people trying to do more,” he said of reduced staffing levels. “… I don’t think the general maintenance is being done to the systems and the networks.”

Labor isn’t the only area experiencing cutbacks. Upgrading hardware, firewalls and software is expensive. When a hotel is struggling just to get by, those things can fall to the wayside, Rock said.

Problems might also exist if software and security applications weren’t installed correctly in the first place, he added.

Perhaps most damning, however, is the lack of understanding and commitment at the property level, said Josh Ogle, founder and CEO of TriVesta LLC and co-author of a Cornell University study titled “Hotel Network Security: A Study of the Computer Networks in U.S. Hotels.”

“What it really comes down to is most hotels just don’t have data security as a priority,” he said.

Data security should be as ingrained a part of the property’s culture as is customer service, Haley said. Only then will the hotel be delivering on its full promise of hospitality.

“It’s an absolute essential for managers in the industry to ensure that there’s a culture respecting privacy in the hotel,” he said.

5/17/2010 12:23:00 PM
Everyone needs a much higher computer/data security awareness. Check a book we use at work, "I.T. WARS" (you can Google it). It has a great Security chapter, and others that treat security. Check the author's FREE blog, "The Business-Technology Weave" (Google to that too) - it's hosted at IT Knowledge Exchange - a site that gets over a million hits a month - it has great Question/Answer forums for everything technical and otherwise - ALL FREE. Highly recommended.
Login or enter a name   Post Your Comment  Check to follow this thread via email alerts (must be logged in)
(4000 characters max)

Comments that include blatant advertisements or links to products or company websites will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff.

Industry CEOs’ opinions on Marriott/Starwood
Sharing economy might be in Choice’s future
Industry outlook: A crash or soft landing?
Modular construction and hotel design
Spanish chains ramp up global expansion
Top CEOs: Both good, bad signs for hotels
Extended Stay America's Lopez, Part I
Extended Stay America's Lopez, Part II
ALIS 2016: LIIC members share opinions
Consultants share trends, advice for 2016
HSMAI Digital Marketing roundtable
ESA’s Lopez talks expansion, change
STR: US results for week ending 6 February
Financial experts analyze hotel consolidation
A roundup of US hires, promotions
STR: Airbnb’s impact on Manhattan compression
Brand X factors to watch for
Contact Us
Hotel News Now
18500 Lake Rd.
Suite 310
Rocky River, Ohio 44116
Copyright © 2004 - 2016 Hotel News Now, a division of STR, Inc. All Rights Reserved.   Privacy