This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.  Find out more here  Close
Hotel data breaches the result of basic failures within industry
May 17 2010

Despite hackers’ ability to navigate complex coding and sophisticated firewalls, it’s often the basic, easy-to-correct errors that lead to information security breaches at the property level.

By Patrick Mayock
Editor-in-Chief
patrick@hotelnewsnow.com

Editor's note: This is the first installment in a five-part series about hotel information data security. Tomorrow's feature will examine ways to strengthen hotel defenses.

REPORT FROM THE U.S.—During late January 2010, Wyndham Hotels and Resorts discovered a hacker had penetrated the computer systems of one of the company’s data centers. That system acted as a gateway, allowing the hacker to access information from separate computing environments at 37 properties. At risk: personal data such as guest names and credit card numbers, expiration dates—and the public’s trust.

Wyndham notified the Secret Service, major payment card brands and attorney generals of different states as required by law. Though the company has not identified any customers whose data appears to have been taken by the intruder, an investigation is still ongoing.

It wasn’t the first time Wyndham experienced an information security breach. The Parsippany, New Jersey-based hotel chain experienced two other attacks during a 12-month span.

Mark Haley
partner
The Prism Partnership

 

Though the frequency of such attacks generated considerable news coverage, Wyndham was not alone in its susceptibility to information security breaches.

Last fall, Radisson Hotels & Resorts revealed the computer systems of some branded hotels in the United States and Canada were accessed without authorization. Only a few weeks ago, owners of the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach at four hotel restaurants and valet parking operations.

The hotel industry has become a prime target for hackers. A recent report from SpiderLabs, a unit of data-security firm Trustwave, found that 38 percent of its data-breach investigations during 2009 occurred at hotels. The next most targeted sector was financial services with 19 percent of the company’s data-breach investigations.

“The hacker community has identified the hotel industry as a soft spot,” said Mark Haley, partner with hotel-technology consulting firm The Prism Partnership.

A basic failure

Hackers might boast an imposing knowledge of computer systems and their ability to manipulate complex coding illustrates a level of sophistication that surpasses the skills of many an IT professional, but most data breaches are the result of a few basic failures within the hotel industry, Haley said.

“If every hotel manager addressed a couple of basics, specifically regarding default passwords and remote access, a lot of the recent breaches would never have happened,” he said. 

But how could the industry have become so lax, especially at a time when reports and awareness seem to be growing?

One big reason is the recessionary economic climate, said Jeremy Rock, owner of RockIT Group and a member of the Hospitality Financial and Technology Professionals advisory council.

Jeremy Rock
owner
RockIT Group

“You’ve got less people trying to do more,” he said of reduced staffing levels. “… I don’t think the general maintenance is being done to the systems and the networks.”

Labor isn’t the only area experiencing cutbacks. Upgrading hardware, firewalls and software is expensive. When a hotel is struggling just to get by, those things can fall to the wayside, Rock said.

Problems might also exist if software and security applications weren’t installed correctly in the first place, he added.

Perhaps most damning, however, is the lack of understanding and commitment at the property level, said Josh Ogle, founder and CEO of TriVesta LLC and co-author of a Cornell University study titled “Hotel Network Security: A Study of the Computer Networks in U.S. Hotels.”

“What it really comes down to is most hotels just don’t have data security as a priority,” he said.

Data security should be as ingrained a part of the property’s culture as is customer service, Haley said. Only then will the hotel be delivering on its full promise of hospitality.

“It’s an absolute essential for managers in the industry to ensure that there’s a culture respecting privacy in the hotel,” he said.

COMMENTS   Show All
Login or enter a name   Post Your Comment  Check to follow this thread via email alerts (must be logged in)
(4000 characters max)

Comments that include links or URLs will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff

TRENDING
Tiered Wi-Fi emerges as new industry model
How to mitigate dependence on OTAs
Heartbleed a ‘significant’ threat to hotels
Owners talk OTAs, branding, living wage
Omni Nashville GM hits hotel jackpot
The role of today’s management company
VIDEO
Hunter Hotel Conference postgame wrap
Bazin outlines Accor investment strategy
Accor's Bazin talks growth
Sébastien Bazin's view from the top
Chris Nassetta talks lifestyle brand
LATEST NEWS
Sustainability's deep roots
What do millennials want from a green hotel?
Laws to supplant brands’ green mandates
Sustainable hotel development more accessible
Hotel meeting planners look for green
‘Green’ deeply engrained in hotel industry
Contact Us
Hotel News Now
18500 Lake Rd.
Suite 310
Rocky River, Ohio 44116
        
Copyright © 2004 - 2014 Hotel News Now, a division of STR, Inc. All Rights Reserved.   Privacy