Symantec's investigation revealed a sad image of the security situation in the hotel sector. An overview of online booking systems has shown that more than two-thirds of hotel companies reveal unwanted personal information about guests or, due to inadequate security mechanisms, they provide relatively simple unauthorized penetration in data sources.
Source: Getty Images
The main problem is in the emails received by the customer as confirmation of the reservation. Usually they contain a web link to confirm the reservation, which is often completely unprotected. Thus, unauthorized persons can usually get to their name, surname, address, phone number, email address, passport numbers and even the last digit of the credit card.
Symantec has conducted research on nearly 1,500 hotel systems in the United States, Canada and the EU, from two to five star hotels. Serious deficiencies have been found in many European hotels, although they should strictly protect this information in accordance with the provisions of the GDPR.
Named hosts often share guest information with other partners, and these divisions are often made through equally insecure links as mentioned above, which can no longer control who has access to personal information. Symantec does not want to disclose the names of the hotels or hotel chains, but it has been reported defects before publishing the results.
Subscribe to regular weekly or monthly announcements of new posts on our website.