Hackers have breached data and are asking for ransom

Recently, independent researcher Bob Diachenko, working with Comparitech, discovered an unsecured database containing nearly 700,000 hotel records belonging to Choice Hotels. Unfortunately, although Diachenko reported his finding to the company, hackers had beaten him to the punch and had already downloaded the file. They are now demanding a ransom for its return.

An investigation into the matter is ongoing. A spokesman for Choice Hotels reported that the bulk of the file consisted of test information, including dummy payment card numbers, passwords, and populated reservation fields. The company did confirm, however, the presence of some 700,000 genuine guest records, which included names, addresses, and phone numbers.

The hackers left a ransom note in the database, demanding 0.4 Bitcoin for the safe return of the data. Based on recent prices, that amounts to about $4,000. Assuming the company decides to pay and assuming the hackers keep their word, that is a small price to pay given the number of compromised records.

Choice Hotels reported that the database was exposed when a third-party vendor accessed it as part of a proposal to provide a tool. Due to the lapse in security, Choice Hotels has decided not to work with that vendor again.

Choice Hotels' statement reads:

"We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature... We are also establishing a Responsible Disclosure Program and we welcome Mr. Diachenko's assistance in helping us identify any gaps."

Our perspective

This lukewarm response to the incident has done little to ease the concerns of Choice Hotels' customers. To this point, no notifications have been sent out to customers whose data has been compromised. If you stay at Choice Hotels when you travel, be mindful that you may be receiving targeted phishing emails and that your payment card information may have been compromised.

As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"

The author

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.