Finnish hotel data is compromised – Infosecurity Magazine

A cyber-attack on a hotel reservation system exposed the personal details of thousands of customers who stayed at high-end Finnish hotels.

News of the security incident, which affected at least five hotels, was first reported by Finnish news agency MTV on Tuesday.

Between February 10 and 14, cyber attackers exploited a vulnerability to hack into the company’s computer system that powers the reservation system of several hotels across Finland. After the hack was discovered on April 9, the vulnerability was patched.

Nordic Hotels & Resorts has revealed that the personal data of 15,497 of its customers was compromised due to an attack on the reservation system used by two of its Helsinki-based hotels – the boutique F6 Hotel and the large and luxurious Hotelli Kämp. .

The breach would have only affected customers who booked directly through the hotels’ websites.

“The reservation system of one of our suppliers’ websites has been compromised. The attack affected two of our hotels,” said Jonathan Blom, communications advisor at Nordic Hotels & Resorts.

He added: “We try to work closely with our suppliers and our IT support team to prevent such things from happening, but unfortunately there are criminals who commit crimes to gain access to information.”

Blom said on Tuesday that several other hotels in Finland were affected by the cyberattack. The incident was reported to Finnish police and the country’s data protection commissioner.

On Wednesday, MTV reported that the data breach occurred when an international reservation system operated by US travel technology firm Saber Corporation was hacked.

The news agency reported that three additional hotels in Finland were affected by the data breach. The number of guests whose personal data was compromised is now believed to have risen to at least 20,000.

“The program office reporter announced that the case also involves three other hotels in Finland,” Helsinki police forensic inspector Jukkapekka Risu told MTV.

Information compromised in the hack includes the names, addresses, phone numbers, email addresses and reservation dates of hotel guests. The data breach is not believed to have exposed sensitive identity documents or financial payment card information.

Comments are closed.