Home > News Center > Industry Insights
In January 2017 the international high-end hotel brand billboard
fifth InterContinental Hotel, recently came the hacking news. February
7th, according to the Beijing Business Daily reported that
InterContinental Hotel group's 12 hotels in the United States credit
card information disclosure.
The "daily economic news" reporter
noted that as early as the end of December 2016, the hotel has been
launched to investigate the credit card payment problem. In February 3,
2017, the hotel said in a statement that in the period from 2016 8 to
December 12 in the hotel restaurant or bar the use of credit card
customers have become the victim of data leakage, and the use of credit
cards in the hotel front desk users are not affected.
Insiders
said, because if the hacking of computer system so that a user
information was leaked, causing losses to the user, the hotel should
bear the corresponding legal responsibility, but for now the hotel
information system security level in the relatively weak, although the
use of hotel management information system, to eliminate safety hazards
but do not place the hotel, in order to reduce the information security
incidents must strengthen safety measures, protection of consumer
information.
12 Hotel payment system was invaded
"Daily
News" reporter noted that in February 3rd, the InterContinental Hotel
group has issued a "notice" on customer card payment event in 12 hotel
credit, in December 28, 2016, the InterContinental Hotel group has
received a "unauthorized" transaction report, confirmed that part of the
wine shop's use of credit card payment problems, the company
immediately this investigation.
Subsequently, InterContinental
Hotel group (IHG) hired a top network security company to check the
entire District Hotel credit card payment system. According to the
survey, only 12 of the hotel's restaurants or bars using credit card
users have been leaked data, the hotel front desk to use credit card
users have escaped. The attackers used malware to infect the hotel's
payment system, including data on the cardholder's name, card number,
credit card expiration time and internal validation code.
The
survey, IHG first notice in the period from August 2016 to December 12
in the hotel restaurant or bar to pay by credit card customers, at the
same time on other areas of the hotel of the group is also ongoing.
It
is reported that 12 of the hotel suffered credit card data breaches
including Intercontinental San Francisco Hotel, Holiday Inn, Chicago
Magnificent Mile Aruba InterContinental Hotel, Crowne Plaza Hotel,
Holiday Inn San Francisco-Fisherman's Wharf, San Jose Valley, Losangeles
Century City InterContinental Hotel, InterContinental Hotel,
InterContinental Hotel, Atlanta MarkHopkins Buckhead Willard Yorkville
Toronto InterContinental Hotel, InterContinental Hotel, San Juan and
Nashville intercontinental Resort Casino and Holiday Inn Airport Hotel.
The
statement also said that IHG has been working with the security company
to review, is now confirmed that the problem has been repaired and
strengthened security measures. The incident has been reported to law
enforcement agencies, and cooperation with the payment network allows
banks to monitor fraudulent transactions. Up to now, there is no
specific number of users affected by data leakage. In addition, IHG
established a call center dedicated to answering questions for the
customer.
Last August, the United States about 20 hotels to bank
credit card information leak, in addition to intercontinental brand
hotel, Hyatt, Marriott, Sheraton and Wenstin hotel are all on the list.
In 2016 alone there are a number of companies launched a survey of
similar activities, such as Kimpton Hotel (Kimpton Hotels &
Restaurants), HEI (HEI Hotels & Resorts) Hotel, Rosen Hotel and
Resort (Rosen Hotels & Resorts) etc..
In recent years, the
well-known chain hotels, high-end brand hotel there are serious security
vulnerabilities occur frequently, large open room information and
payment information leakage risks exist, so many users think extremely
fear. Especially in January 2016, Hyatt in 250 hotels in about 50
countries around the world related to payment card data breaches,
accounting for about 40% of the number of the Hyatt Hotel, which has 22
China Hyatt Hotels are affected.
Tourism industry insiders 6 CEO
Jia Jianqiang has publicly said that the hotel's own information and
security capabilities are poor, should be more professional and PMS
systems. There is a serious safety hazard present in some hotel
management software, the main leakage pathways include hackers, server,
management software provider is not standardized, data management is not
in place as the "culprit Hotel leak door".
Domestic hotel information leakage probability is low?
The
"daily economic news" reporter called the InterContinental Hotel group
China hotel information management system solutions provider Beijing
Shiji information technology Limited by Share Ltd, the secretaries
office staff said that the removal of many large overseas hotel group
will use the PMS system to its own IT team to develop the hotel
information management system of MICROS company in the United States to
occupy the international market five to 60%, the InterContinental Hotel
group is used in the system, and the hotel management information system
of the country are provided by third parties.
The staff said,
because the domestic and international payment process design is
different than in the credit card, the hotel management information
system and the payment system is the machine via the network storage,
and the bank line connection, so it is in normal operation, the
probability of occurrence of domestic hotel information disclosure is
relatively low."
But it is worth noting that, according
to Internet security service platform vulnerabilities announced the
first box "hotel information security report" shows that in 2015,
Marriott, Ritz Carlton, Sheraton, Amy, Holiday Inn and other 7
well-known hotel official website there is a serious security
vulnerabilities, every wine shop has tens of thousands of leaked data
above, the tenant to open the room information at a glance, even for
amendment and cancellation of orders for the hotel.
In this
regard, they favored tourism founder, tourism O2O analyst Liu Zhaohui
told the "daily economic news" reporter said, the reason, first, the
Tradition Hotel group there are loopholes in the information system,
vulnerability will cause the system to fully control; second, the
hacking of that virus invasion, for example, members of integral system;
third, the hotel industry bank card transaction volume is relatively
large, the guest information has use value; fourth, the hotel
information system security level in the relatively weak, although the
use of hotel management information system, but to eliminate safety
hazards but do not place.
Liu Zhaohui said, in fact the hotel
management information system currently has the following two
categories, one is the PMS system developed by the hotel group;
outsourcing for large information system service providers, such as in
the high star hotel in the largest stone base market share by Ctrip
integration of public service in the end Hui hotel.
Orange Hotel
chief legal adviser, Taihe (Beijing) lawyer Chen Tao told reporters,
from a legal perspective, the protection of consumer privacy is the
operator's obligation, so the spirit of "who, who collected protection"
principle, the hotel should also bear the responsibility. If it is
because hackers hacked into the computer system and the user information
was leaked, causing losses to the user, the hotel side is also
responsible.
"But because there are significant differences in
the criminal incidental civil lawsuit system and the civil litigation,
and the user is the spirit of the loss, so the case into the judicial
way." Chen Tao lawyer added that if a crisis occurs, the first time the
hotel to seek the involvement of the public security organs, and obtain
customer understanding.
Address: #2001-2004 5 Lane 478 Changshou Rd., Shanghai, China
Phone: +86 21 6227-9227
Email: Sales@shpy.com.cn