Identity Fraud in Focus quarterly report
8 min
Over the past several months, we’ve explored how data breaches, security incidents, and identity theft impact some of the nation’s biggest industries. We’ve taken an in-depth look at healthcare, education, and the professional services sector — just to name a few.
Today, we’ll complete the series by focusing on the hospitality industry. Please join us as we examine why cybercriminals and identity thieves target hotel workers, as well as steps you can take to protect your clients in the hospitality industry.
Let’s dive in.
Identity theft and data breaches are occurring at an alarming rate in the hospitality industry, and they show no signs of slowing down. In fact, security incidents and data breaches in the hotel industry rose by nearly 70 percent from 2016 to 2017. And in a year filled with data breaches, it was a major hotel chain that generated the biggest buzz in 2018.
On November 30, 2018, Marriott announced that a massive Starwood data breach may have compromised the identities of 500 million guests. The breach, which wasn’t discovered until September of last year, had been active since 2014. While the sheer number of victims is staggering, the types of data stolen are equally disturbing.
According to Marriott, which acquired Starwood in 2016, guests had some combination of the following details compromised: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
While the Starwood disclosure ranks among the largest hotel breaches on record, it certainly isn’t an isolated incident. Hotels have long been targeted by hackers, identity thieves, and cybercriminals — a trend that has amplified in recent years.
Back in 2015, the Mandarin Oriental hotel was hit by a severe card-stealing malware. That same year, Hilton Hotel properties experienced a massive data breach. From 2015 to 2017, Hyatt Hotels and the Trump Hotel Collection experienced multiple, widespread data breaches.
Unfortunately, these are just a few of the high-profile incidents disclosed in recent years. In total, there were more than 337 data breaches in the hotel and food industries in 2017. You can read about other instances over at KrebsOnSecurity.
More than 99 percent of hotel breaches are financially motivated. Hotels make great targets because of the valuable guest data they collect and maintain. This often includes payment details, addresses, phone numbers, email addresses, and other sensitive guest data.
Hotel workers are specifically targeted due to their ability to access guest data. If a cybercriminal compromises the identity of an employee, they can gain access to thousands or millions of guest records.
Not every attack is carried out by a hacker either.
Hotel employees are frequently targeted by foreign governments seeking confidential information on national and international travelers. Additionally, thieves understand disengaged employees are willing to sell confidential user credentials for less than $100 — and many disgruntled employees are happy to provide the necessary access for free.
The good news is there are steps you can take to help protect your clients in the hospitality industry. By offering them a quality employee identity protection benefit, you can ensure they safeguard their employees as well as the company’s bottom line.
Discover even more information about how data breaches impact hotel workers by downloading our complimentary one-sheet, Data Breaches, Security Incidents, and Identity Theft in the Hotel Industry.
If identity protection isn’t a part of your portfolio yet, you might want to read our white paper, 5 Reasons to Sell Identity Protection as an Employee Benefit. For immediate assistance, or to learn why PrivacyArmor is right for your clients, please contact us at 1.480.302.6701.
If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.