Inhospitable: Hospitality & Dining’s Worst Breaches in 2017
Hotels and restaurants are in the criminal crosshairs this year.
November 8, 2017
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltbeb8028d9d1df1ce/64f0d76e71df62658982a890/01-hospitality.jpeg?width=700&auto=webp&quality=80&disable=upscale)
The good news for this year is that the megabreaches at large retail chains like the ones that plagued Target, Home Depot, TJX and the like have been largely absent from the news cycles in 2017. But that doesn't mean we're out of the woods with point-of-sale breaches just yet. In fact, the hackers may be turning their sights to hoteliers and restaurants as department stores, grocery chains and other traditional retailers start to improve their security practices. The following high-profile incidents are evidence of this mounting trend.
The Breach: An unspecified security intrusion into Pizza Hut's website and mobile app compromised customers who ordered pizza on the company's digital properties at the beginning of October.
When It Was Disclosed: October
Records Affected: 60,000 customers' names, billing ZIP codes, delivery addresses, email addresses, and payment card information.
The Breach: The second data breach from this hotelier in as many years, the incident this year had attackers pilfering credit card information from 41 different properties worldwide over the course of a three-and-a-half month window.
When It Was Disclosed: October
Records Affected: Payment card information swiped at the front desk of 41 properties in 11 countries; nearly half of locations were in China.
The Breach: The details are still being investigated, but early indications show that attackers may have stolen millions of customer records from Sonic Drive-In through an intrusion that likely started as a point-of-sale system breach at certain Sonic locations.
When It Was Disclosed: September
Records Affected: Up to 5 million customers' payment card and city, state, zip code information.
The Breach: Attackers used stolen credentials to break into Sabre Hospitality Solutions' SynXisCentral Reservation system to access customer data from tens of thousands of hotel locations managed by brands that include Hard Rock, Loews Hotels, Four Seasons, and Trump Hotels.
When It Was Disclosed: May
Records Affected: Full booking information for slightly less than 15% of customer daily bookings made at 35,000 hotels over a seven-month period.
The Breach: Attackers hit the point-of-sale systems at most of Chipotle's 2,250 restaurants with malware over the course of a three-week window this past spring.
When It Was Disclosed: May
Records Affected: Cardholder data for customers who visited thousands of Chipotle locations from late-March to mid-April.
The Breach: What was seemingly a tiny breach of card information stolen from just 12 IHG locations actually reached its tentacles into 1,200 locations in an intrusion that took the hotel firm months to unravel after its initial disclosure to customers.
When It Was Disclosed: February & April
Records Affected: Cardholder data for customers at 1,200 IHG properties in 49 states, Washington D.C., and Puerto Rico.
The Breach: Malware placed on payment systems within Arby's corporate stores, according to the company's disclosure.
When It Was Disclosed: February
Records Affected: More than 355,000 credit and debit cards held by consumers who use credit unions around the country.
The Breach: Malware placed on payment systems within Arby's corporate stores, according to the company's disclosure.
When It Was Disclosed: February
Records Affected: More than 355,000 credit and debit cards held by consumers who use credit unions around the country.
The good news for this year is that the megabreaches at large retail chains like the ones that plagued Target, Home Depot, TJX and the like have been largely absent from the news cycles in 2017. But that doesn't mean we're out of the woods with point-of-sale breaches just yet. In fact, the hackers may be turning their sights to hoteliers and restaurants as department stores, grocery chains and other traditional retailers start to improve their security practices. The following high-profile incidents are evidence of this mounting trend.
Read more about:
2017About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024