Hyatt Hotels discovers card data breach at 41 properties
Source: Reuters / Reuters Staff / 13 October 2017
The cost of lax cybersecurity measures in the global hospitality industry
One of the most infamous hackers of all time, Keven Mitnick, once said about hacking: “before it was about intellectual curiosity and now hacking is big business.” Indeed, according to one study, hackers cost businesses and consumers around the world approximately $445 billion a year. And the global hospital industry is certainly not immune to the scourge of hacking. In April 2017 InterContinental Hotels Group (IHG) announced that it believed a cybersecurity breach had occurred in only 12 of its properties worldwide. However, the hotel giant soon had to revise that figure to 1,200 properties impacted when it realised its servers had been globally infected by malware. Luckily, the malware was eradicated in every instance before any damage could be done.
The IHG cybersecurity breach was thankfully, a near miss. However, it serves as a powerful example of how a hotel chain can be brought to its knees with a simple act of hacking. Giant corporations need to remain vigilant against the ever-present threat of cyber-attacks and there are serious consequences for having a lax approach to cybersecurity. According to research carried out by Ponemon institute, the average cost of a single cyber-attack sits at around $6.5 million in the US alone, the country that experiences the highest levels of cybercrime.
And it might cost the hotel giants a lot of money, but what impact does a cybersecurity breach have on the customer?
Apart from the immediate monetary loss, which customers can seek reimbursement for, there is also a loss of trust and customer goodwill to the compromised company. When a guest has their credit card details hacked for simply staying at a hotel, it is unlikely they will trust the hotel brand in the same way again, nor refer the company to other future guests. When private and confidential personal information has been breached or stolen, customers are right to feel betrayed. Reputational loss for hotel companies after a cyber-attack makes it that much harder to rebuild their brand image as a trusted place to stay.
Yet another example of lax cybersecurity
The fact that unauthorized access was made to payment card information of guests staying at Hyatt Hotels worldwide has done untold damage on the hotel giant’s brand and customer relations. Such a breach, in which guests’ names, card numbers, and verification codes, were exposed leaves a very bad taste in the mouth for everyone involved (apart from the hackers, of course!). And it certainly rubs salt in the wounds to know that the hotel giant has faced a similar attack previously. In 2015 Hyatt’s payment processing system was compromised in about 250 of its hotels worldwide. Thankfully, Hyatt has now looked at its cybersecurity measures to forestall these types of breaches from happening again.
Apart from the obvious financial damages incurred because of cyber-attacks, hotels face the real risk of permanent damage to their brand as well as to the trust they have worked hard to build with customers. Cybersecurity in the global hospitality industry should not be taken lightly. And the need remains for hotel chains to implement comprehensive, end-to-end, and robust cybersecurity measures. Hacking is a big business, so businesses need to work hard to keep it out of theirs.