Join the Community

22,234
Expert opinions
44,202
Total members
434
New members (last 30 days)
217
New opinions (last 30 days)
28,750
Total comments

National security implications of weak hotel databases

  0 2 comments

The Destination Hotels & Resorts cyber security breach is not the first report of credit card details being stolen from hotel databases.

Hotels are a fantastic target for identity thieves. Hotel databases don't just hold credit card numbers and billing addresses (which are held for weeks in advance of a stay and for weeks afterwards to secure incidentals, complicating PCI data retention requirements), but for many customers the hotel also has their home address, driver licence number, airline memberships, arrival flight details, and even their passport number. It's a complete cornucopia for criminals.

And the most dangerous, most difficult to control threat vector in the hotel industry won't be war-driving or SQL injection attacks or any of the other high tech hacking tools used by organised crime. It will be the inside job. Thousands of itinerant hotel workers in every corner of the world have the opportunity to access office systems after hours, and simply download the contents of central databases to a thumb drive.

Has anyone asked the obvious question: Was the hotel PCI compliant?  How feasible is PCI-DSS for hotel chains with their horribly decentralised computer systems and untold interconnections with airlines, travel agencies and the like?  And as I've discussed previously, what difference would PCI compliance make anyway?

The vulnerability of hotel databases to identity thieves has clear implications for national security.  I trust that counter terrorism agencies are working on this problem?  Not only do these databases hold credit card, driver licence and passport numbers, but they also tell of the forward travel plans for thousands of VIPs worldwide. 

We should expect that organised criminals and terrorist organisations are tapped into hotel databases as we speak, and are mining them systematically.

Stephen Wilson, Lockstep, Australia.

 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,234
Expert opinions
44,202
Total members
434
New members (last 30 days)
217
New opinions (last 30 days)
28,750
Total comments

Now Hiring