130 million hotel clients got their data leaked

29.04.2019

Huazhu Hotels Group has compromised the data of 130 million clients. Personal information and booking confirmations appeared to be on the market. The details of customers were found for sale on a dark web forum. 8 bitcoin or nearly US$56,000 for phone numbers, email addresses, bank accounts and booking details.

The investigation had been held but the outcome hasn't been revealed yet.

The dark web is only a part of the deep web (money counterfeit, drug selling) not indexed by web search engines.

Huazhu owns above 10 hotel brands and manages around 3,800 hotels across almost 400 cities.

It took Cathay Pacific Airways 7 months to announce a data breach.

Personal details of 9,4 million passengers are reported to have been accessed by attackers in March. The customers are complaining about being consciously uninformed. Since GDPR requires all the breaches to be announced within 72 hours Cathay could have paid the punishment, but the the leak is claimed to be discovered before the rule came into force.

403 expired credit card numbers and 27 credit card numbers with no card verification value were compromised, 860,000 passport numbers and 240,000 Hong Kong ID card numbers were affected.