1 February 2017
Theft of confidential data by hackers is a major threat to businesses worldwide and the hotel industry is no exception. Hoteliers remain vulnerable to hackers seeking confidential information such as guests’ credit card data and employees’ personal information. They are also vulnerable in other ways. In a recent hotel breach, the hackers did not go after confidential data, but rather sought a ransom payment after taking control of the hotel’s technology. My partner Bob Braun, senior member of JMBM’s Global Hospitality Group® and co-chair of JMBM’s Cybersecurity and Privacy Group, describes what happened, and shares what hotels can do in response to such threats.
Hotels and Ransomware — Something Special
Robert E. Braun
Last year, at the Global Hospitality Group’s Meet the Money™ Conference, I participated in a panel on Cybersecurity and we discussed how cybersecurity issues affect the hotel industry. One of the comments was that hotels, more than most private industries, have to take into account the kind of physical harm that might be done by a hacker. We noted that not only are guest information systems targets, but also the life and safety systems – HVAC, elevators, electricity and so on. We concluded that while financial theft could impact a hotel and its reputation, a hack of the physical structure of a business could put the hotel out of business.
Our discussion turned out to be prescient when, this week, Romantik Seehotel Jaegerwirt, in the Austrian Alps, had their systems frozen by hackers, which resulted in the complete shutdown of hotel computers.
The 111-year-old hotel had already been targeted by hackers twice. This time, however, the hackers breached the key card system, made it impossible for guests to enter their rooms and prevented the front desk from reprogramming cards.
The hackers demanded €1500 in Bitcoin, promising that control of the key card system and room locks would be returned. Management of the hotel, fully occupied at the beginning of the winter season, chose to pay the ransom, rather than attempt a solution that could have taken significant time and harmed their 180 guests. CONTINUE READING →