FastBooking, a Paris-based provider of hotel-booking software, is alerting client hotels to a data breach in which an attacker lifted personal information and credit card data from guests of hundreds of properties.
The breach took place on June 14, says FastBooking, which states it works with 4,000 partner hotels in 100 countries. In an email to affected properties, FastBooking says an attacker exploited a vulnerability in a Web application hosted on its server to install malware. The actor used this access to pilfer first and last names, nationalities, physical and email addresses, and booking-related details, such as hotel names and check-in/check-out dates.
For some travelers, payment card data, including name, number, and expiration date, was compromised. It seems the attacker stole different information from different hotels; none of FastBooking's customers were affected in the same way.
The company is providing affected hotels with templates to inform guests of the attack, as well as templates to notify their national data protection agencies how personal and payment information was exposed, BleepingComputer reports.
Read more details here.
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.