Data leak from Huazhu Hotels may affect 130 million customers


Personal data and booking information from 13 hotels operated by Huazhu Hotels Group was reportedly leaked in what could be the largest data breach in China in five years, according to Chinese cybersecurity company FreeBuf.

Recently, a post on a Chinese dark web forum titled “Huazhu-owned hotels booking data” claimed to be selling personal data and information of customers from Huazhu-owned hotels, including Hanting Inns and Hotels, Hi Inn, and JI Hotel, according to Technode. According to local reports, 130 million customers are believed to be affected by the breach. Leaked information potentially includes 240 million lines of data containing phone numbers, email addresses, bank account numbers and booking details.

The data was originally offered for 8 bitcoins (equivalent to roughly $51,100 U.S.). The seller reportedly lowered the asking price to 1 bitcoin after the news spread quickly across local media.

Huazhu Hotels Group released an official statement (in Chinese) saying an internal investigation is underway and the public security bureau is investigating the case. Huazhu is one of China's largest hotel chains, operating more than 3,500 properties across 13 brands, including Ibis and Mercure, reports the BBC.

Data breaches are nothing new for China, but the scale of customer data involved has led to international press attention for the hotel group.

Cyber-security firm Zibao told a local news outlet that it believed the breach was a result of the hotel group's software developers accidentally uploading a database to GitHub, a service where developers can collaborate.

Earlier this summer, hackers breached hotel booking website FastBooking, installing malware and pilfering data, such as names, email addresses, booking information and payment card data, from guests at hundreds of hotels. Earlier this year, Orbitz disclosed a security breach that may have exposed the data of thousands of customers, including information on 880,000 payment cards.

Back in 2016, Hyatt disclosed a breach of payment cards that affected 250 hotels in approximately 50 countries, making it one of the most wide-ranging incidents in a rash of hotel cyberattacks. Also that year, Hilton, Mandarin Oriental, Trump Hotels and Starwood Hotels & Resorts Worldwide were affected by hacker attacks.

Last year, a data breach at third-party hotel-reservations provider Sabre impacted multiple hotels, including those from Four Seasons Hotels and Resorts, Trump Hotels, Kimpton Hotels & Restaurants and RLH Corporation. IHG also announced two data breaches last year.
