Bibi van den Berg discusses hotel websites leaking client information on Dutch NPO Radio 1
Research by cyber security company Symantec shows that two-thirds of the hotels worldwide are unwittingly leaking client information to third parties. These data leaks providing booking information could cause several security risks.
The most important risk with such data leaks is possible identity fraud, says Bibi van den Berg, Professor Cybersecurity Governance at Leiden University’s Institute of Security and Global Affairs. Sometimes, you need to fill in your passport details when making a booking. Those with malicious intent can use such data leaks to steal your identity. Data is also becoming available for advertisers, who can then use this data to make profiles and push people into certain categories. As a result, people who have been placed in certain categories will, for instance, be forced to pay more for certain insurance policies.
Negligence
The rapid developments in the availability of online services and insufficient thought put into the possible risks when offering these services are likely what has led to these data leaks, says Van den Berg. The primary goal of a hotel website is to fill hotel beds, not necessarily to provide a safe online environment even though that is something they clearly should be providing too.
Hotel Industry
According to Van den Berg, these leaks show that the hotel industry still is not being thorough enough when it comes to data security. In September 2018, data of almost half a billion hotel guests was made available by a data leak at the Marriot hotel chain. This was one of the biggest data leaks ever. One can only hope that, partly due to new data protection regulations, hotel chains have woken up to the dangers and that data leaks in the hotel industry will become a thing of the past.
You can listen to the full segment (in Dutch) on the NPO Radio 1 website.