|
The
study, which looked at more than 1,500 hotel websites in 54
countries that ranged from two-star to five-star properties,
comes several months after Marriott International disclosed one
of the worst data breaches in history.
Symantec said Marriott was not included in the study.
Compromised personal information includes full names, email
addresses, credit card details and passport numbers of guests
that could be used by cybercriminals who are increasingly
interested in the movements of influential business
professionals and government employees, Symantec said.
"While it's no secret that advertisers are tracking users’
browsing habits, in this case, the information shared could
allow these third-party services to log into a reservation, view
personal details and even cancel the booking altogether," said
Candid Wueest, the primary researcher on the study.
The research showed compromises usually occur when a hotel site
sends confirmation emails with a link that has direct booking
information. The reference code attached to the link could be
shared with more than 30 different service providers, including
social networks, search engines and advertising and analytics
services.
Wueest said 25 percent of data privacy officers at the affected
hotel sites did not reply to Symantec within six weeks when
notified of the issue, and those who did took an average of 10
days to respond.
"Some admitted that they are still updating their systems to be
fully GDPR-compliant," Wueest said, referring to Europe's new
privacy law, or the General Data Protection Regulation, which
took effect about a year ago and has strict guidelines on how
organizations should deal with data leakage.
(Reporting by Angela Moon; Editing by Dan Grebler)
[© 2019 Thomson Reuters. All rights
reserved.] Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
