Employees | 3 min read

Why Do Cybercriminals and Identity Thieves Target the Hospitality Industry?

  

Want to get updates on InfoArmor News?

 

Over the past several months, we’ve explored how data breaches, security incidents, and identity theft impact some of the nation’s biggest industries. We’ve taken an in-depth look at healthcare, education, and the professional services sector — just to name a few.

Today, we’ll complete the series by focusing on the hospitality industry. Please join us as we examine why cybercriminals and identity thieves target hotel workers, as well as steps you can take to protect your clients in the hospitality industry.

Let’s dive in.

The hotel industry is under attack

Identity theft and data breaches are occurring at an alarming rate in the hospitality industry, and they show no signs of slowing down. In fact, security incidents and data breaches in the hotel industry rose by nearly 70 percent from 2016 to 2017. And in a year filled with data breaches, it was a major hotel chain that generated the biggest buzz in 2018.

On November 30, 2018, Marriott announced that a massive Starwood data breach may have compromised the identities of 500 million guests. The breach, which wasn’t discovered until September of last year, had been active since 2014. While the sheer number of victims is staggering, the types of data stolen are equally disturbing.

According to Marriott, which acquired Starwood in 2016, guests had some combination of the following details compromised: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

While the Starwood disclosure ranks among the largest hotel breaches on record, it certainly isn’t an isolated incident. Hotels have long been targeted by hackers, identity thieves, and cybercriminals — a trend that has amplified in recent years.

Back in 2015, the Mandarin Oriental hotel was hit by a severe card-stealing malware. That same year, Hilton Hotel properties experienced a massive data breach. From 2015 to 2017, Hyatt Hotels and the Trump Hotel Collection experienced multiple, widespread data breaches.

Unfortunately, these are just a few of the high-profile incidents disclosed in recent years. In total, there were more than 337 data breaches in the hotel and food industries in 2017. You can read about other instances over at KrebsOnSecurity.

Why are hotels and their employees so targeted?

More than 99 percent of hotel breaches are financially motivated. Hotels make great targets because of the valuable guest data they collect and maintain. This often includes payment details, addresses, phone numbers, email addresses, and other sensitive guest data.

Hotel workers are specifically targeted due to their ability to access guest data. If a cybercriminal compromises the identity of an employee, they can gain access to thousands or millions of guest records.

Not every attack is carried out by a hacker either.

Hotel employees are frequently targeted by foreign governments seeking confidential information on national and international travelers. Additionally, thieves understand disengaged employees are willing to sell confidential user credentials for less than $100 — and many disgruntled employees are happy to provide the necessary access for free.

How can hotels protect their employees?

The good news is there are steps you can take to help protect your clients in the hospitality industry. By offering them a quality employee identity protection benefit, you can ensure they safeguard their employees as well as the company’s bottom line.

Discover even more information about how data breaches impact hotel workers by downloading our complimentary one-sheet, Data Breaches, Security Incidents, and Identity Theft in the Hotel Industry.


If identity protection isn’t a part of your portfolio yet, you might want to read our white paper, 5 Reasons to Sell Identity Protection as an Employee Benefit. For immediate assistance, or to learn why PrivacyArmor is right for your clients, please contact us at 1.480.302.6701.

 

  
New call-to-action
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.