Choice Hotels Data Breach

Cyber attack protection

The Choice Hotel chain does seem to have an unhappy (or very happy – depending on your point of view, of course) relationship with data security as, over the last few years, the chain has been the victim of at least two data breaches of varying magnitude and severity, involving different entry points.

Data breaches at the Maryland lodging giant have a far broader impact than their hotel guests. Choice Hotels manages bookings for over seven thousand hotels and properties around the world. These bookings include major hotel and hospitality chains such as:

  • Ascend Hotel Collection
  • Cambria Hotels
  • Clarion, Comfort
  • Econo Lodge
  • MainStay Suites
  • Roadway Inn
  • Sleep Inn
  • Woodspring Suites

In December 2019, an unsecured database exposed guest data, after the contents of the database was indexed by a meta search engine. The data set included full names, email addresses, and home phone numbers. The irony was the data breach happened during a planned security data test run!

Approximately 5.6 million records were affected, but according to Choice Hotels, only 700,000 of these had to do with real guest information. The bulk of the exposed data comprised dummy information the chain had created specifically for their security test run. That may well have been the case, but even if that was the situation, Choice Hotels should have secured or excluded any real guest information from what was a trial of an untested system.

A subsequent investigation into the breach by cyber-attack protection researches discovered a ransom note, purportedly from a hacker, who claimed the 700,000 exposed records had been backed up and demanded approximately $4,000 from the hotel chain to delete his files.

An earlier data breach incident at the hotel chain involved a technical issue on one of Choice Hotel’s websites, which left guest information accessible to hackers.

Visitors to the hotel website using the Safari browser left their entered information exposed to third-parties. This exposure only occurred if the Safari browser crashed, but it seems to have been quite a frequent event, taking place approximately 88,000 times from June 2015 through November 2019. Choice Hotels did identify the guests involved and notified them of the data breach for their further action.

Nobody needs this kind of publicity. With hotel guests increasingly sharing their experiences on online review boards, the effects of a data breach can be costly and very far-reaching. An ounce of prevention is worth a pound of cure, so drop us a line and let our security experts show you how to keep your data safe and secure!

We’ll teach you how to repel cyberattacks.