The 'dark web' makes hotel data breaches linger for months
Data breaches can impact victims for months, or even years, beyond the initial exposure. For the hospitality industry, which is often subject to breaches, there are particular risks that need to be addressed.
This is due to cybercriminals continually selling data on the dark web and leveraging the information to launch extremely targeted phishing scams. When news of MGM’s data breach broke earlier this year, for example, it was first reported that 10 million MGM guests had their information exposed; however, subsequent activity on the dark web suggests that at least 142 million guests may be impacted.
Every year, hotels and resorts collect sensitive consumer data and store the personally identifiable information of millions of guests.
In this case, some of the compromised guest information such as dates of birth, phone numbers, home addresses, and email addresses, belonged to government officials, celebrities, and well-known enterprise executives. Incidents like this emphasize the vitality of ensuring that proper cloud security controls are implemented to maintain data security.
To mitigate the risks of future data breaches and protect sensitive data, hospitality organizations and other companies need to have full visibility and control over their data.
By leveraging multifaceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, and manage the sharing of data with external parties, and prevent data leakage, organizations can ensure the privacy and security of customer information.