700k Customer Records Leaked in Choice Hotels Data Breach

Hackers claim to have stolen 700,000 guest records belonging to Choice Hotels, one of the largest hotel chains in the world. Security researcher Bob Diachenko discovered the unsecured database, which was left exposed and accessible to anyone with an internet connection.

Diachenko immediately notified the company of the exposed MongoDB instance, but it appears malicious actors got to it first. The hackers apparently stole and demanded ransom for more than 700,000 customer records belonging to major hotel franchisor Choice Hotels, including names, addresses, payment records, email addresses, and phone numbers.

The company says the data was hosted on a vendor’s server, and no Choice Hotels servers were accessed. “The vendor was working with the data as part of a proposal to provide a tool”.


EXPERTS COMMENTS
Chris DeRamus, Co-founder & CTO, DivvyCloud
August 16, 2019
To prevent misconfigurations and protect against data leakage, companies should employ automated cloud security solutions.
Consumer privacy (or the lack thereof) is a huge societal concern and is manifesting itself through many forms, including regulation like the California Consumer Privacy Act and General Data Protection Regulation. The data stolen from Choice Hotels stands as another stark reminder that consumers are right to fear for their privacy until companies recognize their responsibility and invest in peopl ....
Stephan Chenette, Co-Founder and CTO, AttackIQ
August 16, 2019
The database contained personally identifiable information including names, email addresses and phone numbers.
Due to a database being left unsecured for four days, cybercriminals have reportedly gained access to information of 700,000 Choice Hotels customers. The database contained personally identifiable information including names, email addresses and phone numbers, which leaves these impacted individuals vulnerable to further phishing attacks and fraud. Cybercriminals are continuously looking for gap ....
Anurag Kahol, CTO, Bitglass
August 15, 2019
Organisations must take the proper cloud security steps, including leveraging single sign-on (SSO).
There are 3 pillars of information security - people, process and technology and, unfortunately, this is yet another example of a breach that occurred because of a simple security mistake. Leaving a database publicly accessible without even basic security such as password protection is inexcusable. When individuals create user accounts on websites, they should be able to trust that their personal ....
Jonny Milliken, Manager of the Research Team, Alert Logic
August 15, 2019
Users don’t care how the data is lost – they still pay the price.
Any company which retains user data has a responsibility to protect it in their own systems, but also by enforcing good security practice on suppliers and partners. Users don’t care how the data is lost – they still pay the price. ....
Saryu Nayyar, CEO, Gurucul
August 15, 2019
The actions of any person or entity who can access your most critical systems and applications should be monitored.
This breach is a great example of the significant - and often underestimated - security risk that third party vendors present. The actions of any person or entity who can access your most critical systems and applications should be monitored. That can be done with modern machine learning algorithms that compare current behaviour of all users, including third parties, to baselined “normal” beha ....
