Two Out Of Three Hotels Unintentionally Leaked Customers' Personal Information

According to Symantec Corp's research published on April 10, two of the three hotels unknowingly leaked personal information and booking details to third-party websites, including analysts and advertising companies.

This study which studied over 1,500 websites of two-five-star hotels in 54 countries comes a few months after the incident of Marriott International became one of the worst data breaches in history.

The study did not include Marriott, according to Symantec.

Symantec said cybercriminals today are pretty interested in user personal information, including their names, credit card details, email addresses, and passport numbers. Moreover, they pay special attention to the data of government employees and business professionals.

Candid Wueest, who led the study, said:

According to research findings, the data leak often occurs when confirmation emails containing direct booking confirmation were sent by a hotel site to its customers. The reference code comes with the link can be shared with over 30 other service providers, including analytics service, advertising services, search engines, and social media.

Wueest also said that after sending this notice to the affected hotels, up to 25% of the data privacy officers at these places did not give any feedback within 6 weeks. Those who replied to Symantec took about 10 days.

Wueest continued:

referring to new privacy law of Europe which was officially issued and took effect around a year ago. It has extremely clear and strict rules about how organizations should handle an online data breach.