The Shangri-La hotel chain was hit by a cyber-attack in May which allowed hackers to access guests’ information from the hotel database. The multinational hospitality conglomerate boasts over 100 hotels and resorts in 78 destinations around the world.
The attack targeted eight of the Shangri-La subsidiary locations across Asia – with 3 properties in Hong Kong, 2 in Singapore, and one each in Taiwan, Japan, and Thailand.
Shangri-La Data Breach Incident
In a statement released on the 30th of September, Shangri-La disclosed that “a sophisticated threat actor” bypassed their IT security monitoring systems undetected and illegally accessed their guest databases. The hotel chain admitted to becoming aware of suspicious activities in July and that the actual access to the guest database began as early as May.
The company assured the public that hotel operations or bookings were not affected by the breach but admits that certain data files were exfiltrated containing guests’ contact information. The hotel revealed that the databases that were hacked contained a combination of guest names, e-mail addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates, and company names.
Shangri-La insists, however, that the sensitive data of guests were encrypted – this includes passport numbers, identification numbers, dates of birth, and credit card numbers with expiry dates.
The hotel also ensured that the relevant authorities were notified and the investigations so far have yielded “no evidence of misuse of the customers' personal information.” Even so, the hotel chain has offered a free third-party identity monitoring service to its customers for one year and still encourages its guests to be on the lookout for any suspicious activities or notifications across their accounts.
Shangri-La says it waited until the threat actor had been entirely removed from its systems before notifying their guests of the breach - a move which upset the Hong Kong Privacy Commissioner for Personal Data (PCPD).
In a media statement issued, the PCPD office noted that the personal data of over 290,000 Hong Kong customers could have potentially been affected. They further added “disappointed to note that Shangri-La only formally notified the PCPD and informed its customers of the incident more than two months after it had become aware of the incident.”
The hotel itself maintains that the investigation was carried out with “the utmost urgency to determine the nature and extent of the incident and to contain the threat.”
The 19th Shangri-La Dialogue and the breach
Interestingly, the cyber-attack comes mere weeks after a Shangri-La Singapore based hotel hosted the IISS 19th Shangri-La Dialogue which took place from June 10 to June 12. It is the event that ironically features itself as Asia’s leading defense conference.
Attendees of the summit included the prime minister of Japan Fumio Kishida, US defense secretary Lloyd J. Austin III, and several other defense ministers and high-level dignitaries from across Indonesia, France, Malaysia, Qatar, China, the UK, Germany, and many other nations.
Alongside the security conference, Australia’s Defense Minister Richard Marles met the Chinese Defense Minister, General Wei Fenghe – a meeting which marked the first high-level contact between the two nations since a diplomatic freeze in early 2020.
The Defense Department confirmed to ABC that they were aware of the data breach affecting Shangri-La hotels. They mentioned it was "working with the company to understand the impact on Australian Defense attendees at the Shangri-La Dialogue," and would work with any impacted personnel to minimize any potential risks that could arise as a result of the incident.
It remains unclear if any of the attendees of the event stayed at the hotel, and as such might have had their details registered in the compromised database. However, the event organizer remains confident that the data related to the Shangri-La Dialogue was stored on a separate server and was not affected by the breach.
Hotel Cyber-Attacks Rising
This is not the first cyber-attack that halted the hospitality industry this year. The recent attack on the IHG hotel chain sent ripples through the industry in early September when it disrupted IHG hotel booking operations and led to the destruction of hotel data with the use of wiper malware. Similarly, in July the Marriott Hotels were victims of their 3rd cyber-attack in the last 4 years – compromising 20GB of sensitive company data.
Hotels may be easier targets for cyber-criminals as more systems push towards online management and hotels tend to deal with large amounts of personal data - which can easily be leveraged for monetary gain in a cyber-attack.
The surge of these recent incidents has forced hotel chains to reconsider their cybersecurity defenses and improve their existing infrastructure. This is why Sangfor offers advanced and innovative cybersecurity solutions for your company because we understand how important your guests and your company’s data are.
Sangfor solutions for Hotels and Hospitality industry to safeguard them for such possible cyber-attacks. Sangfor’s comprehensive security measures prevent and mitigate cyber-attacks in real time through the integration of key products and services.
- Our advanced Sangfor Next Generation Firewall is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints.
- Sangfor’s Cyber Command Product – an NDR Platform, monitors for malware, residual security events, and future potential compromises in your network. It ensures your data is always kept strictly protected and consistently monitoring your system for lingering threats.
- The Sangfor Anti-Ransomware solution provides innovative strategies to prevent ransomware attacks by breaking every step in the kill chain.
Finally, the Sangfor Incident Response services helps in locating and eradicating threats. Our experts also implement active disaster recovery, provides personalized threat analysis that safeguards your company from any future cyber attacks. For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.