HOTEL BUSINESS REVIEW

FOCUS:

 

Keeping Infostealers from Checking-In

By Erik Eisen CEO, CTI Technical Services | February 2025

As cyber threats evolve, a new wave of malware is gaining traction in the criminal underground: infostealers. These potent data-harvesting tools are becoming a go-to choice for threat actors because of their ability to quickly and effectively siphon sensitive information—everything from banking credentials to email passwords—to sell on the dark web, fueling identity theft, financial fraud, and even corporate espionage.

The use of infostealers has skyrocketed in recent ransomware campaigns, often serving as a reconnaissance tool. Attackers use infostealers to gather login credentials, allowing them to move laterally across networks, escalate privileges, and tailor their attacks to inflict maximum damage before deploying a ransomware payload.

Their heavy reliance on a wide range of connected technologies to manage operations and provide a seamless guest experience and the wealth of sensitive data they hold—especially credit card information—make hotels highly attractive targets for hackers, with infostealers a primary avenue of attack. Nearly one-third of hospitality organizations have suffered a data breach, the vast majority (90%) of which leveraged some form of infostealer. According to IBM, the hospitality industry experienced a 14 percent increase in average data breach costs, rising to $3.82 million in 2023 from $2.94 in 2022.

Hotels are entrusted with their guests’ personal and financial information. Protecting that data—and their systems—from nefarious actors and the increasingly sophisticated infostealers they use is financially and reputationally paramount.

A Primer on Infostealers

Infostealers are part of the emerging malware-as-a-service (MaaS) economy, in which coders develop and sell infostealer malware to cybercriminals. They are designed to infect systems or networks and extract sensitive data such as names, addresses, dates of birth, social security numbers, passwords and other credentials, credit card numbers, bank information—anything that has value on the dark web or black market, or that can be used to extort victims by demanding ransom in return for not releasing the information publicly.

Some infostealers delete themselves immediately after stealing an initial trove of data. Others are programmed to remain on the infected computer, continuously scouring for new data to steal.

Infostealer attacks are considered a form of social engineering for their use of deceptive tactics to trick users into downloading and running the malware. One of the most prominent and costly forms is phishing, in which email or text messaging is used to trick employees or guests into clicking on links to download malicious software. Driven by the growing popularly of generative AI, phishing attacks have surged by 1,265 percent, with HTML attachments making up half of the file types used for email-based phishing attacks.

Other common avenues taken to deploy infostealer malware include fake password or account recovery software, password crackers, and software updates, as well as “drive-by” attacks where the victim visits an infected website that has been promoted most often via “malvertising,” deceptive software downloads, and on gaming sites.

Once installed, infostealers leverage a variety of tactics to scour networks and capture credentials and sensitive information, potentially wreaking havoc on the compromised guests’ finances and leading to significant financial and reputational damage to the hotel. Among the most common tactics are:

  • Clipboard Hijacking: Monitoring and modifying the content of a computer’s clipboard.
  • Cookie Hijacking or Sidejacking: Taking over an internet session to steal cookies and session tokens.
  • Credential Dumping: Extracting account credentials and other stored data.
  • Email Harvesting: Searching emails and stored files to collect email addresses and other contact information.
  • Form Grabbing: Intercepting data submitted via web forms before it can be encrypted.
  • Keylogging: Capturing every keystroke made by a user on their computer.
  • Man-in-the-Browser Attacks: Injecting malicious code or a Trojan Horse into a web browser to manipulate information as it’s entered.
  • Screen Capture and Recording: Taking screenshots of the victim’s screen at key moments.
  • Vishing: Phone calls or voicemails that spoof known people or organizations to trick people into sharing sensitive information.

Stolen credentials can also be used to gain access to connected systems, such as payment portals and booking sites. For example, there have been several recent incidents in which hackers use a method called pretexting by posing as former guests to trick hotel employees into downloading malware.

Doing so gave the hackers access to the hotels’ Booking.com accounts, which they then used to launch sophisticated phishing campaigns featuring convincing messages about canceled reservations or payment verification needs that sent victims to a spoof of the Booking.com website where they entered personal information and credit card details to salvage their “canceled” reservations.

High-Value Targets

Hotels feature several characteristics that make them attractive to infostealer attacks. The most obvious is the vast trove of highly sensitive personal information they hold on their guests—everything from personal demographics to credit card and other financial information. This, coupled with the volume of financial transactions processed daily, loyalty program data that is rich with personally identifiable information (PII), and their diverse geographic footprint—particularly those with an international clientele—make them appealing targets.

There are also several aspects of hotel business operations that make them uniquely vulnerable. A diverse workforce with a high number of seasonal workers and employees with limited knowledge of cybersecurity practices is a primary issue. Frequent and face-paced guest interactions, unchecked system access, and a commitment to creating an exceptional experience can also increase risk levels, as can a lack of training on best practices and a failure by many organizations to prioritize security and lock down infrastructures.

These weaknesses are evident in the common themes used in infostealer attacks on hotels, which include booking, reservation changes, complaints, wedding stays, hotel requests, and special accommodation requests. Such approaches are equally effective at tricking guests and employees into clicking on dangerous links and are not biased by size, guest profile, or geographic footprint.

Marriott, for example, discovered malware in its system in September 2018 that compromised credit card and passport information stored in the records of up to 500 million hotel guests. The attack was traced back to its Starwood brand’s reservation systems, which had been compromised in 2014 prior to its acquisition by Marriott. An investigation revealed a Trojan Horse that was likely introduced into the system via a phishing email four years earlier. The estimated remediation cost to Mariott exceeds $78 million, much of which was ultimately covered by cybersecurity insurance. Separately, the hotel chain was fined $120 million in 2019 by the UK’s Information Commissioner’s Office (ICO) and, in October 2024, a $52 million multistate settlement was reached with 50 states. Some speculate that when indirect costs related to loss of customers and reputational damage are added to the mix, the true cost of the breach could ultimately reach billions of dollars in lost revenue.

Guest relations are not the only entry point for infostealers, however. A massive attack in September 2023 at MGM Resort International started with a vishing call to MGM’s IT help desk which ultimately provided access to the account of a super administrator with advanced privileges across MGM’s systems. That access was then used to steal data, lock guests out of their rooms, and disrupt payment systems and the reservation website and mobile app. Occupancy dropped to 88 percent during the month of the attack, which generated an estimated financial impact of $100 million. That includes $10 million in costs for technology consultants, legal fees, and other third-party advisors, but not the fines that are expected to be levied once federal and state regulators finish their investigations.

That same month, attackers used infostealers to compromise an IT vendor and use its privileged access to steal Caesars Entertainment’s loyalty program database containing driver’s license details, social security numbers, and other highly sensitive information. The attackers then demanded a $30 million ransom to prevent online publication of the stolen data, of which Caeser’s agreed to pay $15 million.

While the highest profile attacks have been on large enterprises, boutique hotels and small chains are at equally high risk of being infiltrated by infostealers and the financial and reputational impacts are equally devastating. That risk can be lowered by implementing some basic cybersecurity practices.

Fending Off Infostealers

There are several actions hoteliers can implement immediately to cut the risk of falling victim to infostealers, beginning with deploying firewalls and anti-malware software from reputable vendors to continuously monitor for and block malicious activity. These systems should be updated frequently to ensure they are watching for the latest threats. In terms of credentials, strong passwords that are changed regularly and multifactor authentication can make it more difficult for malware to steal credentials if they do make it inside. Limiting use of third-party apps on the network can add an additional layer of protection.

Because infostealers rely on human error, training to increase staff awareness is a crucial aspect of cybersecurity best practices. At minimum, staff should be trained on the importance of logging out of devices, using and updating strong passwords, keeping credentials private, and how to spot and report potential phishing and other infostealer techniques.

Avoidance should be a significant aspect of staff training. For example, avoiding the use of search engines to locate login pages and instead bookmarking legitimate URLs, and how to spot subtle changes to URLs which is a common tactic used by hackers to send users to spoofed sites. Staff should also be taught to be wary of clicking on online ads which can lead them to malicious and spoofed web pages where malware is lurking.

The same is true of emails. For inbound email, train staff to be vigilant and to verify the sender’s email address before clicking on links, attachments, or hyperlinked content. Outbound email activity should also be monitored, as unauthorized reservations sent from the hotel’s system can signal an active phishing attack.

Beyond the basics, hotels should take additional steps to eliminate vulnerabilities by identifying and closing security gaps and strengthening areas of weakness. Conduct regular risk assessments by evaluating the cyberthreat landscape and the hotel’s security practices to ensure they are aligned. This will ideally include a supply chain risk assessment to ensure their suppliers—and their suppliers’ suppliers—to ensure they have suitable protections in place to avoid falling victim to a third-party infostealer attack.

Using a cybersecurity framework, such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF ) can help hotels develop strong systems to protect against infostealers and other cyberattacks. NIST Special Publication 1800-27 Securing Property Management Systems also contains specific guidelines that can help hotels improve their cybersecurity.

Limiting the amount of and access to sensitive data, investing in threat intelligence, and end-to-end encryption of point-of-sale systems are all recommended steps hotels can take to mitigate their risk and protect their business, employees, partners, and guest from falling victim to infostealers.

Finally, consider partnering with an IT management firm that provides cybersecurity services to maintain software and devices. Look for a provider with specific experience in hospitality and cybersecurity that offers at minimum proactive monitoring, regular security assessments, and staff training, and that has a deep understanding of compliance requirements. During the evaluation process, be sure to ask prospects about their response times and disaster recovery capabilities and obtain—and check—references.

The Best Defense

The reality is that no hotel is safe from infostealer attacks, and the threat increases as MaaS providers grow increasingly more stealth and sophisticated. The data they hold is simply too valuable for cybercriminals to resist.

By raising staff awareness, hardening technology and software, and establishing robust security protocols, the fall-out can be minimized and the practice will be able to continue providing quality patient care with minimal disruptions.

Mr. Eisen

Erik Eisen is CEO of CTI Technical Services, a leading provider of IT support and cybersecurity services with a diverse clientele including hospitality, legal, manufacturing, dental specialties, small medical practices, and other industries. For more than 20 years, Mr. Eisen has provided security and cybersecurity, implemented state of the art technology solutions, and delivered services that protect the integrity of a business's data and, more importantly, their clients' and customers' data. He is at the forefront of exploring AI integration to help businesses enhance operations while preserving the essential human touch, ensuring new technologies are embraced effectively to improve client service. Extended Biography & Contact Information

HotelExecutive retains the copyright to the articles published in the Hotel Business Review. Articles cannot be republished without prior written consent by HotelExecutive.

Choose a Social Network!

The social network you are looking for is not available.

Close

Terms & Conditions

The following are terms of a legal agreement ("Agreement") between you and HotelExecutive. By accessing, browsing and/or otherwise using this web site, HotelExecutive, you acknowledge that you have read, understood and agreed to be bound by these terms and conditions, and to comply with all applicable laws and regulations, including U.S. export and re-export control laws and regulations. If you do not agree to all of these terms and conditions, you may not access, browse and/or use HotelExecutive. The material provided on HotelExecutive is protected by law, including, but not limited to, United States copyright law and international treaties.

These terms of access apply to your access to and use of HotelExecutive and do not alter in any way the terms and conditions of any other agreement you may have with HotelExecutive for products, software, services or otherwise, unless otherwise directed by HotelExecutive. If you breach any of these terms and conditions, your authorization to use HotelExecutive automatically terminates and you must immediately destroy any downloaded or printed materials and discontinue use of any hyperlinks to HotelExecutive.

1. USE RESTRICTIONS

Copyright. All Site materials, including, without limitation, text, pictures, graphics and other files and the selection and arrangement thereof are copyrighted materials of HotelExecutive © 1996-2016, ALL RIGHTS RESERVED, or by the original creator of the material. Permission is granted to display and use the materials on HotelExecutive for private individual, educational and noncommercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials. You may not, however, distribute, copy, reproduce, display, republish, download, or transmit any material on HotelExecutive for commercial use without prior written approval from HotelExecutive. You may not "mirror" any material contained on HotelExecutive on any other server without prior written permission from HotelExecutive. Any unauthorized use of any material contained on HotelExecutive may violate copyright laws, trademark laws, the laws of privacy and publicity and communications regulations and statutes.

Trademarks

The trademarks, service marks, trade names and logos (the "Trademarks") used and displayed on HotelExecutive are registered and unregistered Trademarks of HotelExecutive. In addition, all page headers, custom graphics, icons and scripts are service marks, trademarks and/or trade dress of HotelExecutive, and may not be copied, imitated or used, in whole or in part, without the prior written permission of HotelExecutive. You acknowledge that the Trademarks used and displayed on HotelExecutive are and shall remain the sole property of HotelExecutive or the Trademark owner. Nothing in this Agreement shall confer any right of ownership of any of the Trademarks in you. Further, nothing in HotelExecutive shall be construed as granting, by implication, estoppel or otherwise any license or right to use any Trademark used or displayed on HotelExecutive, without the express written permission of HotelExecutive or the Trademark owner. The misuse of the trademarks displayed on HotelExecutive, or any other Content on HotelExecutive, is strictly prohibited.

Hyperlinks

You are granted a limited, nonexclusive right to create a hypertext link to HotelExecutive provided that such link is to the entry page of HotelExecutive and does not portray HotelExecutive or any of its products or services in a false, misleading, derogatory, or otherwise defamatory manner. This limited right may be revoked at any time for any reason whatsoever. You may not use framing techniques to enclose any Company trademark, logo or trade name or other proprietary information including the images found at HotelExecutive, the Content of any text or the layout/design of any page or any form contained on a page without HotelExecutive's express written consent. Links to third party sites on HotelExecutive are provided solely as convenience to you. If you use these links, you will leave HotelExecutive. HotelExecutive has not reviewed all of these third party sites and does not control and is not responsible for any of these sites, their Content or their policies, including, without limitation, privacy policies or lack thereof. HotelExecutive does not endorse or make any representations about third party sites or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to HotelExecutive, you do so entirely at your own risk. You acknowledge and agree that HotelExecutive shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by, or in connection with the use of or reliance on any such third party sites.

Downloadable Materials

Any software, including codes or other materials that are made available to download from HotelExecutive, is the copyrighted work of HotelExecutive and/or its suppliers and affiliates. If you download software from HotelExecutive, use of the software is subject to the license terms in the software license agreement that accompanies or is provided with the software. You may not download or install the software until you have read and accepted the terms of the applicable software license agreement. Without limiting the foregoing, copying or reproduction of the software to any other server or location for further reproduction or redistribution is expressly prohibited unless otherwise provided for in the applicable software license agreement in the case of software, or the express written consent of HotelExecutive in the case of codes or other downloadable materials.

Limited Access

Except as otherwise expressly permitted by HotelExecutive, any access or attempt to access other areas of HotelExecutive computer system or other information contained on the system for any purposes is strictly prohibited. You agree that you will not use any robot, spider, other automatic device, or manual process to "screen scrape," monitor, "mine," or copy the Web pages on HotelExecutive or the Content contained therein without HotelExecutive's prior, express, and written permission. You will not spam or send unsolicited e-mail to any other user of HotelExecutive for any reason. You agree that you will not use any device, software or routine to interfere or attempt to interfere with the proper working of HotelExecutive. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on HotelExecutive's infrastructure.

Additional Use Restrictions

You shall not post, transmit, e-mail, re-transmit or store material on or through any of the services provided by HotelExecutive (the "Services") which, in the sole judgment of HotelExecutive: (i) is in violation of any local, state, federal or non-United States law or regulation, (ii) is threatening, obscene, indecent, defamatory or that otherwise could adversely affect any individual, group or entity (collectively, "Persons") or (iii) violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other unauthorized photos or software products that are not appropriately licensed for use by you. You shall be responsible for determining what laws or regulations are applicable to its use of the Services. In addition, you may only use the Services in a manner that, in HotelExecutive's sole judgment, is consistent with the purposes of such Services. If you are unsure of whether any contemplated use or action is permitted, please contact HotelExecutive at editor@HotelExecutive By way of example, and not limitation, the following uses described below of the Services are expressly prohibited:

A. upload, post, e-mail or otherwise transmit any information, data, text, software, music, sound, photographs, graphics, video, messages or other materials (collectively, "Content") that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, sexually intolerant or racially, ethnically or otherwise objectionable;

B. impersonate any person or entity, including, but not limited to, a Company official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;

C. forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Services or develop restricted or password-only access pages, or hidden pages or images (those not linked to from another accessible page);

D. upload, post, e-mail or otherwise transmit any Content that you do not have a right to transmit under any law or under contractual or fiduciary relationships such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements;

E. upload, post, e-mail or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party;

F. upload, post, e-mail or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes" or any other form of solicitation;

G. upload, post, e-mail or otherwise transmit any material that contains software viruses, worms or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;

H. interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services;

I. intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the New York Stock Exchange, the American Stock Exchange or the NASDAQ, and any regulations having the force of law;

J. 'stalk' or otherwise harass another user of HotelExecutive or Company employee or official;

K. promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades and other weapons, and creating "Crush" sites; and

L. effecting security breaches or disruptions of Internet communication. Security breaches include, but are not limited to, accessing data of which you are not an intended recipient or logging into a server or account that you are not expressly authorized to access.

M. advertising to, or soliciting any user of HotelExecutive to buy or sell any products or services through the unauthorized or impermissible use of the Services. You may not transmit any junk email or chain letters to other users. If you breach this Agreement and send unsolicited bulk email, instant messages or other unauthorized commercial communications of any kind through the Services, you acknowledge that you will have caused substantial harm to HotelExecutive, but that the amount of such harm would be extremely difficult to ascertain. As a reasonable estimation of such harm, you agree to pay HotelExecutive $500 for each such unsolicited email or other unauthorized commercial communication you send to each user through the Services.

2. DISCLAIMER WARRANTY

HotelExecutive, including all software, functions, materials, and information is provided "as is" without warranties of any kind, either express or implied. HotelExecutive disclaims all warranties, express or implied, including, but not limited to, warranties of non-infringement and implied warranties of merchantability, fitness for a particular purpose, non-infringement, title, merchantability of computer programs, data accuracy, system integration, and informational Content. HotelExecutive does not warrant or make any representations regarding the operation of HotelExecutive, the use, validity, accuracy or reliability of, or the results of the use of the materials on HotelExecutive or any other sites linked to HotelExecutive. The materials of HotelExecutive may be out of date, and HotelExecutive makes no commitment to update the materials at HotelExecutive. HotelExecutive does not and cannot guarantee or warrant that the files available for downloading from HotelExecutive, if any, will be free from infection, viruses, worms, Trojan horses, or other code that manifest contaminating or destructive properties. HotelExecutive does not warrant that HotelExecutive, software, materials, products, or services will be uninterrupted or error-free or that any defects in HotelExecutive, software, materials, products, or services will be corrected.

3. LIMITATION OF LIABILITY

In no event will HotelExecutive, its suppliers or other third parties mentioned at or in HotelExecutive be liable for any damages, including, without limitation direct, indirect, special, incidental, or consequential damages, damages resulting from lost profits, lost data or business interruption arising out of relating to the use, inability to use, or resulting from the use of HotelExecutive, any web sites linked to HotelExecutive, the materials, software or other information contained in any or all such sites, whether based on warranty, contracts, statutes, regulations, tort (including but not limited to, negligence) or any other legal theory and whether or not advised of the possibility of such damages. If your use of the materials or information from HotelExecutive results in the need for servicing, repair or correction of equipment or data, you assume all costs thereof.

4. REVISIONS TO THIS AGREEMENT

HotelExecutive may revise this Agreement at any time without notice by updating this posting. By using HotelExecutive you agree to be bound by any such revisions and should therefore periodically visit HotelExecutive and page to determine the then current Terms of Access and Use conditions of use to which you are bound.

5. TRANSMISSIONS

Any idea you transmit to or post on HotelExecutive by any means will be treated as non-confidential and non-proprietary and may be disseminated or used by HotelExecutive or its affiliates for any purpose whatsoever, including, but not limited to, developing and marketing products. You are prohibited from posting or transmitting to or from HotelExecutive any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, profane material or any other material, including but not limited to any material that could give rise to any civil or criminal liability under both domestic and international law.

6. YOUR WARRANTIES

You warrant to HotelExecutive that:

You are the sole owner of all rights in the materials posted or uploaded by you (including all related copyrights) or that you have the absolute right to license their use as provided in this section. While you will retain ownership of the copyright in the materials posted or uploaded by you, you agree that all materials posted or uploaded by you shall become part of a database, and that HotelExecutive will own the compilation copyright in that database. In addition, you hereby grant HotelExecutive a perpetual, worldwide, irrevocable license to use, reproduce, modify, publish, publicly perform, publically display and distribute such materials, and portions of such materials and any derivative works created from such materials, in print, electronic and other media, by any means now known or developed in the future. We may sublicense all of our rights and licenses or assign them to third parties. Neither HotelExecutive nor any third party using the materials in accordance with this section will be obligated to pay you any royalties or other compensation for use of the materials.

You will comply with these Terms of Access and Use including, without limitation, the USE RESTRICTIONS set out in Section 3 above;

You agree to indemnify and hold HotelExecutive harmless from any claim or damages (including any legal fees in relation to same) made by a third party in respect of any matter in relation to or arising from your use and/or membership arising from any breach or suspected breach of these Terms of Access and Use by you or your violation of any law or the rights of any third party.

7. ACTIONS WE MAY TAKE AT OUR SOLE DISCRETION

HotelExecutive may take any or all of the following actions at our sole discretion:

Remove any member profile (including photographs) or other material that, in our sole discretion may be inappropriate or we suspect to be illegal, subject us to liability or which may violate these Terms of Access and Use or where required to do so by law;

Issue members with verbal or written warnings and may take such further action as we deem appropriate if such warnings are not heeded;

Suspend or terminate a member's access to the members's area of HotelExecutive or a member's account without notice at any time;

Inform the appropriate authorities and provide them with information regarding any suspected illegal activity; or bring legal action against a member or other user of HotelExecutive in relation to any breach of these Terms of Access and Use or any illegal or suspected illegal activity.

8. GOOD SAMARITAN CONTENT AND COMPLAINT PROCEDURES POLICY

A. Policy

We have provided opportunities for you to contribute Content to our Site. It is our policy, however, not to allow any Content which may constitute intellectual property infringement; violations of federal, state, or local law; obscene or defamatory material, or may otherwise be unacceptable or inappropriate. Upon learning of such Content, we will attempt, and you hereby give HotelExecutive the right, to delete, edit, remove, disable, change, or restrict access to or the availability of the Content, which in our sole discretion, is otherwise unacceptable or objectionable. We may or may not notify you about what action we take with respect to the disputed Content. The provisions of this section are intended to implement this policy but are not in any way intended to impose a contractual obligation upon us to undertake, or refrain from undertaking, any particular course of conduct.

B. Complaint Procedures

If you believe that another user or other third party has posted Content which violates this policy or specifically the USE RESTRICTIONS in Section 3 above, you may notify HotelExecutive via e-mail at editor@HotelExecutive . In order to allow HotelExecutive to respond effectively, please provide HotelExecutive with as much information as possible in your correspondence, including: (1) the nature of the right infringed or violated (including any applicable registration numbers of the federally-registered intellectual property allegedly infringed), if applicable, or the unacceptable or inappropriate Content; (2) all facts which lead you to believe that a right has been violated or infringed, if applicable; (3) the precise location where the offending Content is located; (4) any grounds to believe that the party or user which posted the Content was not authorized to do so or did not have a valid defense (including the defense of fair use), if applicable; (5) if known, the identity of the party or user who posted the infringing, offending, or inappropriate Content; and (6) in the case of alleged copyright infringement claims, information sufficient to identify the work and your claims to ownership.

C. Indemnification/Waiver of Certain Rights

By contacting HotelExecutive and complaining of an alleged violation, you agree that the substance of your complaint shall constitute a representation made under the pains and penalties of perjury pursuant to the laws of the State of California. In addition, you agree, at your own expense, to defend and indemnify HotelExecutive and hold HotelExecutive harmless against all claims which may be asserted against HotelExecutive, and all losses incurred, as a result of your complaint and/or our response to it.

D. Waiver of Claims and Remedies

We expect all users of our Site to take responsibility for their own actions and cannot and do not assume liability for any acts of third parties which take place at our Site. By utilizing the Good Samaritan procedures set forth herein, you waive any and all claims or remedies which you might otherwise be able to assert against hotelexecutive under any theory of law (including, but not limited to, intellectual property laws) that arise out of or relate in any way to the content at hotelexecutive or our response, or failure to respond, to a complaint.

E. Investigation/Liability Limitation

You agree that we have the right, but not the obligation, to investigate any complaint received. By reserving this right, we do not undertake any responsibility in fact to investigate complaints or to remove, edit, disable or restrict access to or the availability of Content. We will not act on complaints that we believe, in our sole discretion, to be deficient, incomplete, or otherwise questionable. If you believe that Content remains on HotelExecutive which violates your rights, Your sole and exclusive remedy shall be against the user or other party responsible for said content, not against HotelExecutive. your sole and exclusive remedy against HotelExecutive shall be to terminate your use of HotelExecutive and service.

Digital Millennium Copyright Act Compliance. As set forth in Subsection (b), you must contact our agent if you believe that a work protected by a U.S. Copyright which you own has been posted on our Site without authorization or that our Site, in some material way, contributes to its infringement. It is our policy in appropriate circumstances, if possible, to terminate the access rights of repeat infringers and other users who use HotelExecutive in an inappropriate or objectionable manner.

9. COOPERATION WITH LAW ENFORCEMENT

HotelExecutive reserves the right to fully cooperate with any law enforcement authorities or court order requesting or directing HotelExecutive to disclose the identity or other information regarding any user or member alleged by any governmental entity to be using HotelExecutive or any Content or materials available in, at, through or in association with HotelExecutive in violation of any law or regulation, or in violation of this Agreement, including, without limitation, the posting of e-mail messages, or publishing or otherwise making available any such materials. By accepting this agreement you waive and hold harmless HotelExecutive from any claims resulting from any action by HotelExecutive during, or as a result of, its investigations, and from any actions taken as a consequence of investigations by either HotelExecutive or law enforcement authorities

10. APPLICABLE LAWS, VENUE, JURISDICTION & MANDATORY ARBITRATION

If any provision(s) of this Agreement is held by a court of competent jurisdiction to be contrary to law, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the parties with the other provisions remaining in full force and effect. HotelExecutive's failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by HotelExecutive in writing. The section titles in this Agreement are solely used for the convenience of the parties and have no legal or contractual significance. This Agreement may be assigned in whole or in part by HotelExecutive. This Agreement may not be assigned in any manner by you without the express, prior written permission of HotelExecutive.

Any and all disputes or controversies of any kind, including but not limited to any performance, duty, obligation or liability arising under or related to this Agreement which are not first resolved informally, shall be determined by binding arbitration in San Francisco, California, in accordance with the rules of the American Arbitration Association. The final award in any such arbitration proceeding shall be subject to entry as a judgment by any court or competent jurisdiction, provided that such judgment does not conflict with the terms and provisions hereof. The jurisdiction of the arbiter (or arbiters) with respect to legal matters shall be limited only by the statutory and common law of the State of California and the United States.

Notwithstanding the foregoing, any and all disputes, which the parties cannot informally resolve, regarding the scope of issues or matter with the jurisdiction of the arbitrator, shall be resolved by a separate dispute resolution process whereby HotelExecutive, in its sole discretion shall elect the dispute to be resolved by either (1) a court of competent jurisdiction in the State of California or (2) a panel of three new arbitrators.

This Agreement shall be governed by and construed in accordance with the laws of the State of California notwithstanding any conflict of laws provisions. You and HotelExecutive agree that the venue for all legal disputes, controversies, actions of any kind arising under or related to this Agreement shall be San Francisco, California. You and HotelExecutive further agree that in case of any litigation regarding this Agreement, you irrevocably and unconditionally (i) consent to submit to the exclusive jurisdiction of the state and federal courts in the County of San Francisco, California for any litigation or dispute arising out of or relating to this Agreement, (ii) agree not to commence any litigation arising out of or relating to this Agreement except in the California Courts, (iii) agree not to plead or claim that such litigation brought therein has been brought in an inconvenient forum, and (iv) agree the California Courts represent the exclusive jurisdiction for all litigation relating to this Agreement.

11. MEMBERSHIP FEES

Hotel Business Review Subscriptions

If you choose to purchase a subscription, member subscription payments can be made in U.S. Dollars, as well as a variety of international currencies. Membership terms are Annual Recurring, and Monthly Recurring. The Annual Recurring subscription is an annual commitment and subscribers will be charged each consecutive billing cycle. Annual Recurring subscriptions can be cancelled after the first billing cycle and within 30-days of the billing date for a full refund. Monthly Recurring subscriptions are ongoing and subscribers will be charged each consecutive monthly billing cycle. Monthly Recurring subscriptions can be cancelled after the first month and within 7 days of the monthly billing cycle for a full refund.

12. PAYMENT AUTHORIZATION

Payment for the services provided to you in, at, through or in association with HotelExecutive may be made by automatic credit card, debit card, direct debit, bankwire or Paypal and other approved payment means offered in, at, through or in association with HotelExecutive, and you hereby authorize HotelExecutive and its agents to transact such payments on your behalf.

You hereby authorize HotelExecutive's Internet Payment Service Provider to charge your credit card to pay for your membership to HotelExecutive. You further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card for any and all purchases of products, services in association with HotelExecutive. You agree to be personally liable for all charges incurred by you in association with your access or other use of any content provided by HotelExecutive or any third party in association with HotelExecutive. You acknowledge and agree that your liability for all such charges shall continue after termination of your access or any type of membership arrangement with HotelExecutive.

In the event that you have chosen to have your membership automatically rebilled, unless and until you notify HotelExecutive that you wish to cancel or terminate your membership to HotelExecutive, you hereby agree and authorize HotelExecutive's Internet Payment Service Provider to automatically renew your membership to HotelExecutive on a continuing basis and to charge your credit card (or other payment means you have selected) to pay for the ongoing cost of your membership. You hereby further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card (or other approved payment means you have selected) for any and all purchases of products, services and entertainment provided to in, at, through or in association with HotelExecutive.

13. PRIVACY POLICY

The following is the Privacy Policy for HotelExecutive

We can be reached via telephone, email, or online at our contact page. When you visit our site we do not log any information regarding your domain or email address. Information Sharing: We do not share user information with any third parties other than via press release distribution as described below.

Hotel Newswire is a newswire service that distributes press releases on behalf of our users. If you decide to submit a press release for distribution through our system we will transmit your entire press release including any personal information therein contained to our media contacts and online distribution points including search engines. This is the only redistribution of your information that we engage in. Your submission of press releases through our system indicates consent with this policy. The information we collect during your registration process is used to notify users about updates to our service and inform users of any special events hosted by Hotel Newswire. This information is not shared with other organizations for commercial or non-commercial purposes.

Cookies: Our system requires the use of cookies to enable the user to log back into our website to access information from the newswire, without having to log in each time using the required username and password.

If you do not want to receive email from us in the future, please let us know by following instructions included in our communication with you. Users who supply us with telephone numbers online may receive telephone contact from us regarding their account, or informing them of new products and services available on the HotelExecutive website. If you do not wish to receive such telephone calls, please edit your account and remove your phone number from your account profile. This can be done from your user account menu.

Ad Servers: We do not partner with or have any relationship with any ad server companies. From time to time, we may use customer information for new uses not previously disclosed in our privacy notice. If our information practices change at any time, we will post the policy changes to our website to notify you of these changes and provide you with the ability to opt out of these new uses. If you are concerned about how your information is used, you should check back at our website periodically.

Upon request we provide site visitors with access to all information (including proprietary information) that we maintain about them. Users can access this information by logging in to their account.

Security: We always use industry-standard encryption technologies while transferring and receiving user data exchanged with our site. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you on our site. We do not store credit card information in our systems.

If you feel that this site is not following its stated information policy, you may contact us.

Jan Peter Bergkvist
Robert O'Halloran
Michael McCartan
Shawn Tarter
David Allison
Donny Pereira
Wei Wei
Nora Minichino
Steve Turk
Russ Spencer
Coming up in March 1970...