Behind the Cyberattacks on Hotels

What's Happening and What Should Hotel Owners and Operators Do?

By Robert E. Braun Partner, Jeffer Mangels Butler & Mitchell, LLP | December 10, 2017

Almost as soon as there were data breaches, hotels became a prime target of hackers, and the hospitality industry has consistently been one of the most commonly targeted businesses. Since 2010, hotel properties ranging from major multinational corporations to single location hotels have been impacted.

The recent report that Hyatt Hotels was a victim for the second time in as many years has raised more concerns about the industry's ability to address cybersecurity. While consumers are so used to receiving breach notices that "breach fatigue" has set in, the second successful attack on Hyatt is sure to raise the eyebrows of regulators, plaintiffs' lawyers, and guests. The data breach will affect the loyalty, trust and consumer perception of all Hyatt Hotels guests. So how can hotels prove to guests that they are safe and trustworthy?

"While the company claims that it has implemented additional security measures to strengthen the security of its systems, no explanation was given as to why these additional measures were not implemented after the first attack," said Robert Cattanach of Dorsey & Whitney.  "Estimates of actual harm have yet to be provided, which is typically the weak spot of any attempted class action, but the liability exposure seems problematic regardless."

Hyatt is in no way alone. On November 2, 2017, the BBC reported that Hilton was fined $700,000 for "mishandling" two data breaches in 2014 and 2015. The attorneys general of New York and Vermont said Hilton took too long to inform their guests about the breaches and the hotels "lacked adequate security measures." Hilton discovered the first of the two breaches in February 2015 and the second in July 2015, according to the article, but the company only went public with the breaches in November 2015. The company has said there is no evidence any of the data accessed was stolen, but the attorneys general said the tools used in the data breaches made it impossible to determine what was done.

What do Hackers Want?

Hackers seek a variety of types of information. Most commonly, hackers compromise systems so that they can obtain credit card numbers and sell them on the dark web. While this is possibly the most common – and certainly the most reported – type of data theft, it is far from the only kind of data hackers look for.

Choose a Social Network!

The social network you are looking for is not available.

Close
Coming up in February 2019...

Social Media: Getting Personal

There Social media platforms have revolutionized the hotel industry. Popular sites such as Facebook, Twitter, Pinterest, Instagram, Snapchat, YouTube and Tumblr now account for 2.3 billion active users, and this phenomenon has forever transformed how businesses interact with consumers. Given that social media allows for two-way communication between businesses and consumers, the emphasis of any marketing strategy must be to positively and personally engage the customer, and there are innumerable ways to accomplish that goal. One popular strategy is to encourage hotel guests to create their own personal content - typically videos and photos -which can be shared via their personal social media networks, reaching a sizeable audience. In addition, geo-locational tags and brand hashtags can be embedded in such posts which allow them to be found via metadata searches, substantially enlarging their scope. Influencer marketing is another prevalent social media strategy. Some hotels are paying popular social media stars and bloggers to endorse their brand on social media platforms. These kinds of endorsements generally elicit a strong response because the influencers are perceived as being trustworthy by their followers, and because an influencer's followers are likely to share similar psychographic and demographic traits. Travel review sites have also become vitally important in reputation management. Travelers consistently use social media to express pleasure or frustration about their guest experiences, so it is essential that every review be attended to personally. Assuming the responsibility to address and correct customer service concerns quickly is a way to mitigate complaints and to build brand loyalty. Plus, whether reviews are favorable or unfavorable, they are a vital source of information to managers about a hotel's operational performance.  The February Hotel Business Review will document what some hotels are doing to effectively incorporate social media strategies into their businesses.