Login

Cyber Security Is Awakening as Key Concern for Hoteliers

Hospitality Makes Attractive Target for Hackers
Mercedes Blanco
Mercedes Blanco
HNN columnist
February 14, 2024 | 1:40 P.M.

Last year we spent significant time talking about AI. There is another topic, I believe, that could become recurrent in 2024: cyber security and data protection.

Artificial intelligence — including generative AI and large language models — will continue to be part of our industry as they improve traveler experiences. Contactless technologies (mobile payments or check-ins) have also become increasingly popular. And most of us use hotel Wi-Fi networks on a regular basis. Therefore, it is only natural we realize how important the topic of security is becoming.

Only 0.1% of cyber attacks are successful, yet every 39 seconds, a successful cyber-attack is conducted. That's alarming, especially considering how attractive the hospitality industry can be to hackers. We collect, store and maintain large amounts of sensitive data that it is spread out geographically.

Cornell University and Freedom Pay research stated that 31% of hospitality providers have reported data breaches, and basic web attacks surrounding guest information represent 90% of hospitality breaches. But the cost is not just monetary; it can damage a company’s reputation forever.

Common Cyber Attacks in Hospitality

  • Phishing attack: convinces an email’s recipient to share personal information. HTML attachments make up 50% of corrupted files.
  • Ransomware: blocks access to certain data or systems until payment — in hospitality, this can mean letting guests into their rooms.
  • Distributed Denial of Service: targets systems such as sprinklers or security cameras.
  • Point of Sale: probably the biggest threat as it comes from third-party vendors.
  • DarkHotel: targets business guests, convincing then to download a software using hotel’s Wi-Fi.
  • Customer data or identity theft: the most common in our field.

Biggest Cyber Attacks in the Hospitality Industry

  • Marriott International has suffered at least three breaches. In early 2020, a data breach affected up to 5.2 million guests. Before that, Starwood’s malware went undiscovered for four years, impacting millions of records on its reservation system, including credit card and passport numbers. These breaches cost Marriott more than $500 million, plus the company was fined $120 million for GDPR violations.
  • A British Airways cyber attack diverted traffic to a false site and compromised credit card details for up to 500,000 people.
  • Choice Hotels had a third-party vendor copying its data without authorization, moved it to its server and then the vendor was attacked.
  • Sonder reported unauthorized access to one of its systems that included guest records.
  • A cyber attack on Hilton compromised over half a million reservation records in its loyalty platform Hilton Honors.
  • Wyndham Hotels spent over $5 million in legal and vendor fees to remediate breaches that led to customers losing more than $1.6 million to credit-card fraud.

What Can Hospitality Professionals do?

With Google’s impending removal of the third-party cookie approaching, it is now more important than ever for hoteliers to have a strategy in place for collecting first-party data to be able to communicate and build relationships. Moreover, they need to be more careful and protective than ever before, and work with trusted, low-risk vendors.

The Open Web Application Security Project is a non-profit organization founded in 2001 with the goal of helping website owners and security experts protect web applications from cyber attacks. They offer a top-10 standard awareness document for developers that represents a broad consensus about the most critical security risks to web applications.

Companies, as The Hotel Network does, should adopt this document and start the process of ensuring that their web applications minimize these risks. This is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.


Mercedes Blanco is chief partnerships officer at The Hotels Network and a founding member of Women in Travel Thrive.

The opinions expressed in this column do not necessarily reflect the opinions of Hotel News Now or CoStar Group and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to contact an editor with any questions or concern.

Read more news on Hotel News Now.