February 21, 2019 • Rachel Zisek
Category: Legal Updates
Security has become a paramount concern for hotels across the globe. While the hospitality industry has historically prioritized efforts to safeguard properties from physical threats of violence, digital security threats are on a meteoric rise. Most notably, hackers have devised ways to infiltrate hotels’ online security measures. A common tactic used by hackers involves the use of ransomware, a type of malicious software that prevents system access unless a sum of money is paid to the culprits. A very infamous example took place in the Austrian Alps at the four-star Seehotel. Between December 2016 and January 2017, Seehotel’s electronic door locks and other internal systems were held for ransom on four separate occasions. Guests were unable to use their hotel door keys until Seehotel’s managing director paid the digital attackers.
Major hotel brands in the United States have also been subject to digital thefts of guest information, particularly through POS systems. In November 2018, Radisson Hotels experienced a security breach that affected members of its rewards program. That same month, Marriott International, the largest hotel chain in the world, disclosed a giant data breach affecting 500 million customer accounts (including the disclosure of 5 million unencrypted passport numbers). Hilton, Hyatt, and InterContinental Hotels Group have also experienced similar security breaches in recent years. These cyberattacks can create public relations hurdles and present large, unanticipated financial consequences. According to a 2018 study conducted by IBM, each breached guest record costs the hospitality industry approximately $120.
Digital security vulnerabilities can also give rise to physical security threats. A Finnish cybersecurity firm revealed last year that it found a flaw in a digital lock system that may be used in millions of hotel rooms across the globe. The firm found a vulnerability that allowed it to “spoof” hotel master keys that would be able to unlock any door within the hotel.
Given the rise of digital security threats, hoteliers are in search of practical, preventive solutions to protect their guests and digital assets. First and foremost, hotels must be vigilant in evaluating potential weaknesses in their remote access points, whether it be through electronic door locks, alarms, or online booking systems. Hotels may also wish to engage cybersecurity experts to evaluate their digital infrastructure. One such innovative cybersecurity expert is Synack, a company that partners with freelance “hackers” to identify online vulnerabilities for its customers. If you are interested in discussing digital security protections for your business, please reach out to Stokes Wagner.