Hotels are a magnet for payment fraud
The recent MGM hotel breach is the latest example of the security challenges in the hotel sector.
Information for more than 10.6 million hotel guests was posted on a hacking forum. What is notable about this event is the caliber of the affected clientele.
The published list of affected customers ranges from pop music figures to tech industry executives, along with employees representing various government agencies from across the globe. This breach also appeared to have “flown under the radar” in security and privacy breach circles.
In spite of MGM’s quickly notifying hotel guests impacted by the breach in accordance with applicable state laws, it’s a clear concern that many of the contact details were still valid, particularly the phone numbers.
If an affected customer did not take appropriate measures to change their contact information (i.e., new email addresses or phone number) their exposure is dramatically increased, along with their odds of receiving spear-phishing emails and SIM-swapping attacks.
As this breach shows, it doesn’t matter if you have a song on the pop charts or you set strategy for one of the various government agencies.
Post-breach, any affected user needs to take steps on their own to ensure their data safety such as changing or modifying basic contact information or replacing existing accounts.