Choise Hotels has had a data leak that exposed 700,000 guest records to the open web (BinaryEdge had indexed them).
Choice’s vendor had been working on a data set that the hotel company had provided them with. This data included names, email addresses and phone numbers of guests.
Here’s an excerpt from Comparitech (access their piece here):
The database held 5.6 million records. However, Choice Hotels told Comparitech in an email that the majority of records were “test data, not associated with real people.” About 700,000 of the records included details of actual guests including names, email addresses, and phone numbers.
The company says the data was hosted on a vendor’s server, and no Choice Hotels servers were accessed. “The vendor was working with the data as part of a proposal to provide a tool,” a company representative tells Comparitech.
Someone already has this data and has demanded a payment from Choice.
It would be interesting to know if Choice Hotels has told affected guests that their information has been exposed and leaked? If they haven’t, they better work on it if this data includes information from EU citizens as those GDPR fines can be rather high.