Two Out Of Three Hotels Unintentionally Leaked Customers' Personal Information

Indira Datta - Apr 14, 2019

Two Out Of Three Hotels Unintentionally Leaked Customers' Personal Information

According to Symantec's research on more than 1,500 hotel sites around the world, there are 2 out of 3 hotels that accidentally leak customer information.

According to Symantec Corp's research published on April 10, two of the three hotels unknowingly leaked personal information and booking details to third-party websites, including analysts and advertising companies.

Symantec 13
The research was done by Symantec.

This study which studied over 1,500 websites of two-five-star hotels in 54 countries comes a few months after the incident of Marriott International became one of the worst data breaches in history.

Marriot Afp Relaxnews
Five hundred million Marriott customers affected in the massive data breach.

The study did not include Marriott, according to Symantec.

Symantec said cybercriminals today are pretty interested in user personal information, including their names, credit card details, email addresses, and passport numbers. Moreover, they pay special attention to the data of government employees and business professionals.

Candid Wueest, who led the study, said:


According to research findings, the data leak often occurs when confirmation emails containing direct booking confirmation were sent by a hotel site to its customers. The reference code comes with the link can be shared with over 30 other service providers, including analytics service, advertising services, search engines, and social media.

Hotel Information
Attackers who obtain customer information can change booking details.

Wueest also said that after sending this notice to the affected hotels, up to 25% of the data privacy officers at these places did not give any feedback within 6 weeks. Those who replied to Symantec took about 10 days.

Wueest continued:


referring to new privacy law of Europe which was officially issued and took effect around a year ago. It has extremely clear and strict rules about how organizations should handle an online data breach.


Sort by Newest | Popular

Next Story