Hotel Data Are Hacker Heaven, So Be Cyber-Smart Before You Check In


Hotels are treasure troves for hackers, with thousands of customers’ payment card and personal data. Even the Trump Hotels aren’t immune to hackers.

Trump International Hotels Management LLC recently reported a data breach involving 14 Trump properties, including hotels in Washington and New York. The company said the breach was the result of the hack of systems of a third-party vendor which provided booking services, Sabre Hospitality Solutions.

The Sabre hacking also affected Hard Rock Hotels, which revealed a data breach that lasted for seven months and hit 11 properties, including the Hard Rock Hotel & Casino Las Vegas. 

Cybercriminals going after hotels isn’t a new thing. Hotelier Wyndham Worldwide Corp. faced three data breaches in 2008 and 2009 that allegedly compromised more than 600,000 payment cards of guests and led to more than $10 million in losses. 

The Federal Trade Commission initiated an enforcement action against Wyndham and several of its subsidiaries in June 2012, alleging that their failure to remedy a vulnerable security system allowed the breaches. The case ended up in federal court, where the U.S. Court of Appeals for the Third Circuit affirmed the FTC’s right to sanction poor data security as an unfair business practice. Without admitting or denying any of the regulator’s data security allegations, Wyndham agreed to settle with the FTC. 

Hotels now point to free Wi-Fi the way they used to put an “air-conditioned” sign out front, but travelers should think twice before jumping on. Data security professionals told Bloomberg BNA that travelers using public Wi-Fi is one of the easiest ways for hackers to steal sensitive information or plant malware. 

Bob Braun, co-chair of the cybersecurity and privacy group at Jeffer Mangels Butler & Mitchell LLP, and Gretchen Ruck, director of business consulting company AlixPartners LLP, told Bloomberg BNA that there are alternatives to Wi-Fi and ways to exercise stronger cyber hygiene before you hit the road: 

  • Consider a mobile hotspot, which may use your data, but it also uses the cellular network and is separate from the public Wi-Fi;
  • Use a virtual private network (VPN), which encrypts traffic between your computer and the internet and protects communications;
  • Set up notifications for online banking and credit accounts to track unexpected card activity; and
  • Develop a habit of frequently backing up devices to a separate hard-drive or cloud storage.

The FTC recently listed its own summertime cybersecurity tips for consumers.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.