Last year we spent significant time talking about AI. There is another topic, I believe, that could become recurrent in 2024: cyber security and data protection.

Artificial intelligence — including generative AI and large language models — will continue to be part of our industry as they improve traveler experiences. Contactless technologies (mobile payments or check-ins) have also become increasingly popular. And most of us use hotel Wi-Fi networks on a regular basis. Therefore, it is only natural we realize how important the topic of security is becoming.

Only 0.1% of cyber attacks are successful, yet every 39 seconds, a successful cyber-attack is conducted. That's alarming, especially considering how attractive the hospitality industry can be to hackers. We collect, store and maintain large amounts of sensitive data that it is spread out geographically.

Cornell University and Freedom Pay research stated that 31% of hospitality providers have reported data breaches, and basic web attacks surrounding guest information represent 90% of hospitality breaches. But the cost is not just monetary; it can damage a company’s reputation forever.

Common Cyber Attacks in Hospitality

  • Phishing attack: convinces an email’s recipient to share personal information. HTML attachments make up 50% of corrupted files.
  • Ransomware: blocks access to certain data or systems until payment — in hospitality, this can mean letting guests into their rooms.
  • Distributed Denial of Service: targets systems such as sprinklers or security cameras.
  • Point of Sale: probably the biggest threat as it comes from third-party vendors.
  • DarkHotel: targets business guests, convincing then to download a software using hotel’s Wi-Fi.
  • Customer data or identity theft: the most common in our field.

Biggest Cyber Attacks in the Hospitality Industry

  • Marriott International has suffered at least three breaches. In early 2020, a data breach affected up to 5.2 million guests. Before that, Starwood’s malware went undiscovered for four years, impacting millions of records on its reservation system, including credit card and passport numbers. These breaches cost Marriott more than $500 million, plus the company was fined $120 million for GDPR violations.
  • A British Airways cyber attack diverted traffic to a false site and compromised credit card details for up to 500,000 people.
  • Choice Hotels had a third-party vendor copying its data without authorization, moved it to its server and then the vendor was attacked.
  • Sonder reported unauthorized access to one of its systems that included guest records.
  • A cyber attack on Hilton compromised over half a million reservation records in its loyalty platform Hilton Honors.
  • Wyndham Hotelsspent over $5 million in legal and vendor fees to remediate breaches that led to customers losing more than $1.6 million to credit-card fraud.

What Can Hospitality Professionals do?

With Google’s impending removal of the third-party cookie approaching, it is now more important than ever for hoteliers to have a strategy in place for collecting first-party data to be able to communicate and build relationships. Moreover, they need to be more careful and protective than ever before, and work with trusted, low-risk vendors.

The Open Web Application Security Project is a non-profit organization founded in 2001 with the goal of helping website owners and security experts protect web applications from cyber attacks. They offer a top-10 standard awareness document for developers that represents a broad consensus about the most critical security risks to web applications.

Companies, as The Hotel Network does, should adopt this document and start the process of ensuring that their web applications minimize these risks. This is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.


*This article was originally publised on Hotel News Now.

About The Hotels Network

The Hotels Network is an innovative technology company working with over 20,000 hotels around the globe. Boasting an international team of specialists with deep expertise in hospitality, product design and consumer marketing, the company offers clients a full-stack growth platform to power their direct channel. By leveraging a series of integrated tools and analytics, hotel brands can attract, engage and convert guests throughout the user journey.

In addition to price comparison, reviews summary and a full suite of personalization options, THN's Predictive Personalization product harnesses machine learning techniques to predict user behavior and then automatically personalizes both the message and the offer for each user. The company's benchmarking product, BenchDirect, is the first of its kind for the direct channel, providing hotels with never-before-seen competitive data.

THN is proud to have been recognized for the company's product innovations, rapid growth, and unique workplace culture for the second year in a row, most recently named the Best Direct Booking Tool for 2024 in the prestigious HotelTechAwards.

For more information about THN, visit https://thehotelsnetwork.com/en or contact [email protected].