Personal data of hotel guests do not havesufficient protection and may be lost or stolen. A study conducted by Symantec showed that in 67% of hotels out of 1,500 surveyed did not take sufficient measures to protect the personal data of customers. The hotels of different levels from 2 to 5 stars, geographically located in 54 countries, including Europe, the USA and Canada, have been checked.
The main source of leakage are letters withbooking confirmation, which often contain an active link that leads to the site where the data on the customer's order are located. The body of the URL also indicates the e-mail and booking code. Using this data, it is not difficult for a scammer to find the address, full name, mobile phone number, client's passport number. Also, many hotels did not encode links in letters sent to customers.
The company Symantec announced the identifiedvulnerabilities to those affected by it, including large hotel aggregators, and some enterprises immediately responded and solved the problem of protecting confidential customer data.
Symantec Specialists Offer Certain Measuresto protect data. In particular, experts advise to use VPN when working with public Wi-Fi networks and check the format of the link, ensuring that it does not contain personal customer data. An unsecured link looks like this: https: //booking.the-hotel.tld/retrieve.php? Prn = 1234567 &[email protected]