Data breaches in hotel industry higher than any other sector in 2009, according to Trustwave report
Which is most worrisome: (A) that hackers hit the hotel industry in 38% of data breaches last year; (B) that it took the hotels an average of five months to notice a data breach; (C) that the hackers often got into the data by using software glitches that had patches available 10 years ago; or, (D) all of the above?
A new report from security firm Trustwave indicates that the hotel industry was targeted for data breaches more than any other last year, primarily because it was such an easy target and the takings were so rich. The hackers gained access to potentially millions of credit card account details from hotels that did little to protect the data and never reported the resulting identity theft risk to officials or customers. (Picture a frisky young pit bull gleefully trotting after a fat, blind, three-legged cat while the cat’s owner sleeps in a hammock nearby.)
Nicholas Percoco, a Trustwave security auditor and data breach investigator, presented the report at an annual gathering of cyber security experts, the Black Hat Conference. The data was drawn from the results of 1,900 audits and 200 post-data breach investigations.
The Trustwave report also points out an interesting negative correlation between sectors that proactively hired Trustwave to attempt penetrations to identify weaknesses, and those sectors that hired Trustwave to conduct post-data breach forensic investigations. Last year, companies in the hospitality industry accounted for only 3% (roughly 60) of the 1,900 proactive audits Trustwave performed in 24 countries. However, the hospitality industry accounted for 38% (roughly 76) of the forensic investigations Trustwave was hired for after data breaches had taken place.
Most companies avoid reporting data breaches if they can, but Radisson Hotels, Wyndham Hotels and Hilton Hotels all reported data breaches in 2009.