Lax Information Security Makes Hotels Low Hanging Fruit for Hackers

facebooktwittergoogle_plusredditpinterestlinkedinmail

Let’s face it, hackers love hotels.  And not because they want to get away from it all and sip margaritas by the pool. The huge volume of personal information collected, transmitted and stored by the hospitality industry has made it a prime target for cybercrime, according to a report by Willis Group Holdings, a global insurance broker.

As the hospitality industry pushes its customers to do more of their business online, it’s opened the door to cybercrime. Hotel customer data equals cash to hackers because it can be stolen in large quantities and used to commit identity theft.  That’s why it’s not surprising that in 2011, Willis found that 38% of all cyber attacks were aimed at hotels, resorts and tour companies during the previous year. That’s more data breaches than in any other market sector. One of the biggest risks is to travelers who submit credit card information and other personal information to hotel websites.

 

Why Hotels Are Magnets for Cybercrime

Why are hotels so vulnerable to data breaches? Because, unlike many other industries which routinely purge customer data, hotels hold on to it longer for reservations and customer loyalty programs. And history has shown that the hotel industry doesn’t have the best track record for implementing up-to-date information security procedures.

Hotel databases are a treasure trove of customer information for hackers. They hold guests’ home address, credit and debit card information, driver’s license numbers and passport numbers, as well as their travel plans. That makes them one-stop shopping for identity thieves.

Case in point:  In 2011, the Orlando Sentinel reported that a Secret Service investigation uncovered identity fraud in Central Florida that was traced to hacked computer servers at a San Diego hotel. The hackers uploaded malware which captured guests’ credit card information stored by the hotel.  They sold the data to other criminals who stored it in Azerbaijan, located on northern border of Iran.  According to the Sentinel, Secret Service agents said those middle men then turned around and sold the data to a Florida group which created counterfeit credit, debit and gift cards. In a criminal complaint, the government charged seven members of that group with using over 200 stolen American Express card numbers to charge $187,000 worth of fraudulent purchases at Target Stores in Central Florida.

Any Computer in a Hotel is Fair Game for Hackers

There are countless methods that hackers can use to obtain hotel guests’ personal information because it’s collected, transmitted and stored in so many different ways.  For example, guests should avoid accessing their accounts or personal information and conducting sensitive email correspondence on public hotel computers. There are many reported cases of hackers installing malware on them which logs users’ keystrokes and records their passwords and account numbers.

Even in the privacy of your room, using the hotel’s wireless network isn’t safe.  Remember, hotel Wifi is a public network. Everything you do on it can be seen by others. There could also be rogue networks set up by hackers nearby to trick you into revealing your personal information.  Even the hotel’s wired network doesn’t protect your online privacy.

Using hotel wireless networks has changed the way we work and play when we travel.  But that doesn’t they’re safe.  Here’s what you can do to protect yourself online when you’re on the road.

 

Check Out Hotel Information Security Before You Check In

 

Ask your hotel what security measures it has in place to protect your personal information from data breaches.  Do its use a firewall?  Does it prohibit remote access to customer data?  How long does it keep your information?

Make sure your computer’s firewall is turned on and your virus and malware protection are up to date.

∙  Use long strong passwords composed of letters, numbers and characters and change them often.  Use a different one for each account.

∙  Turn off file sharing, disable peer to peer networking and remove sensitive data from your laptop before your next trip.

∙  Check to make certain you’re logging into your hotel’s Wifi network, not a fake hotspot designed to steal your personal information.

∙  Don’t pay bills, use credit cards or conduct other financial transactions on hotel wireless networks.

∙  Turn off your wireless network when you’re not using it.

∙  Monitor your credit card statements after each trip.

∙  Don’t use a debit card to pay your hotel bill.  A cybercrook could empty your bank account before you notice.

∙  Use a virtual private network solution like PRIVATE WiFi™. VPNs protect your identity by encrypting the information traveling to and from your computer. That means it’s hidden from hackers.

Were you the victim of a hotel data breach?  If you were, we’d like to hear what happened to you.  Drop us a line and share your story.

 

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jan Legnitto

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private I blogs.

You may also like...