Please sign in to post.

Article: Exposed database left terabyte of travelers' data open to the public

Again a database leak which allowed access to data of 140,000 travelers.

"The exposed database contained travelers' information like names, home addresses, lodging, children's personal information, credit card numbers and thousands of passwords stored in plaintext, the security researchers said Wednesday."

"The database belongs to Gekko Group, a subsidiary of France-based AccorHotels, Europe's largest hospitality company. Gekko Group handles business travel and luxury travel with more than 600,000 hotels across the world, according to its website."

https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/

Worth reading.

Posted by
5478 posts

This is one of the concerns that I have with booking directly with some hotels. On the one hand, you often gain a better price or an added benefit for booking direct. On the other hand, you place your data in the hands of a small hotel or chain, whose security practices may not be top-notch.

Oh dear.

Posted by
2156 posts

We froze our credit a couple of years ago after we were notified our info had been breached four times. I don’t know what else one can do about securing other personal information.
Several years ago I got numerous calls about paying up on outstanding bills by a person with my exact name and birthdate, except the year was different. After about five calls I was asked to verify the last four digits of my social. I refused and the calls stopped. I think it was a scam?

Posted by
6814 posts

These data breaches will continue until there is some sort of meaningful penalty imposed on those who collect all the info and then let it become compromised. I'm sure that a "corporate death penalty" and mandatory jail time for C-level executives of the companies involved would bring a swift end to these occurrences. Until that happens, expect more of the same.

Posted by
7212 posts

Ah David, if it was only so easy. Hackers will always be one step ahead of implemented security measures, no mater how thorough a company tries to be. 140,000 seems like a low number compared to most data breaches reported in the U.S. that are in the millions.

Posted by
6814 posts

I didn't mean to suggest that stopping 100% (of anything) would be easy. My point is that there is currently virtually zero incentive to take the issue seriously - which leads to predictable results (less than rigorous measures).

When the guys in the corner offices have some real skin in the game (personal jail time, corporate liquidation, real financial liability, etc.), then they will make customer data security a priority. Since currently they suffer nothing more than a brief moment of embarrassment over a data breach, it's business as usual, and it will continue to be.

Posted by
3109 posts

@david: In the medical setting, data security is taken seriously. You can get fired for exposing patient data. There are many restrictions about it.

And the incidences of exposing patient data have dropped over the years, and it seldom happens now.