Data leak from Huazhu Hotels may affect 130 million customers

Leaked information potentially includes 240 million lines of data containing phone numbers, email addresses, bank account numbers, and booking details. Photo credit: iStock / Getty Images Plus

Personal data and booking information from 13 hotels operated by Huazhu Hotels Group reportedly was leaked in what could be the largest data breach in China in five years, according to Chinese cybersecurity company FreeBuf.

Recently, a post on a Chinese dark web forum titled “Huazhu-owned hotels booking data” claimed to be selling personal data and information of customers from Huazhu-owned hotels, including Hanting Inns and Hotels, Hi Inn, and JI Hotel, according to Technode. According to local reports, 130 million customers are believed to be affected by the breach. Leaked information potentially includes 240 million lines of data containing phone numbers, email addresses, bank account numbers and booking details.

The data originally was selling for 8 bitcoins (equivalent to roughly $51,100 U.S.). The seller reportedly lowered its asking price to 1 bitcoin after the news spread quickly across local media.

FREE HOTEL MANAGEMENT NEWSLETTER

Like this story? Subscribe to Technology!

Hospitality professionals turn to Technology as their go-to news source for the latest technology products and trends. Sign up today to get news and updates on security systems, in-room entertainment, and more delivered to your inbox and read on the go.

Huazhu Hotels Group released an official statement (in Chinese) saying an internal investigation is underway and the public security bureau is investigating the case. Huazhu is one of China's largest hotel chains, operating more than 3,500 properties across 13 brands, including Ibis and Mercure, reports the BBC.

Data breaches are nothing new for China, but the scale of customer data involved has led to international press attention for the hotel group.

Cyber-security firm Zibao told a local news outlet that it believed the breach was a result of the hotel group's software developers accidentally uploading a database to Github, a service where developers can collaborate.

Earlier this summer, hackers got to hotel booking website FastBooking to install malware and pilfer data, such as names, email addresses, booking information and paymentcard data, from guests at hundreds of hotels. Earlier this year, Orbitz disclosed a security breach that may have exposed the data of thousands of customers, including information on 880,000 payment cards.

Back in 2016, Hyatt disclosed a breach of payment cards that affected 250 hotels in approximately 50 countries, making it one of the most wide-ranging incidents in a rash of hotel cyberattacks. Also that year Hilton, Mandarin Oriental, Trump Hotels and Starwood Hotels & Resorts Worldwide were affected by hacker attacks.

Last year, a data breach at third-party hotel-reservations provider Sabre impacted multiple hotels, including those from Four Seasons Hotels and Resorts, Trump Hotels, Kimpton Hotels & Restaurants and RLH CorporationIHG also announced two data breaches last year.

Suggested Articles

Growth in the number of properties in Canada has been moderate the past 10 years. But that is changing, with supply growth nearly tripling in 2019.

A new report from Horwath HTL examines how branded and independent resorts across the Caribbean are catering to shifting demands.

The deal could be worth as much as $2 billion if it goes through.