Hotel Cyber Attacks: How Guests Can Stay Safe

Another day, another data breach.

This time, Sabre, one of the world’s largest technology companies, is reporting that “an incident of unauthorized access to payment information,” occurred in one of its reservations systems.

When InterContinental Hotels Group (IGH) revealed a data hack earlier this year, it set the media and social media on fire, Sabre’s data breach, on the other hand, has gone largely unnoticed by the consumer press. Which is particularly interesting considering IHG’s data hack is thought to have affected up to 1,200 hotels, while Sabre’s reservations systems powers more than 30,000 properties.

Sabre isn’t saying much and gives no indication as to the scope of the breach, although it says it believes it is limited to one reservations system. Also, says Sabre, they have contacted law enforcement and retained an independent, third-party expert, Mandiant, to help them investigate.

MORE Travel Technology

Amadeus to Purchase TravelClick for $1.52 Billion

TravelJobs.com Relaunched by travAlliancemedia

Norwegian Expands Partnership With Amadeus

“Our Sabre Hospitality Solutions customers are being notified of the investigation with a commitment to keep them informed,” said Sabre via a statement.

While consumer media may have largely overlooked this story, cyber security experts have plenty to say.

An article at Information Security Buzz, a news site dedicated to the security community, asked a number of cyber security experts to weigh in on Sabre's breach. By and large, the collective think tank predicts the tourism industry can start to expect an increasing number of data breaches.

READ MORE: How to Keep Phone Data Private

The experts also provide a number of valuable tips that consumers can take to help protect themselves from data breaches while staying at hotels.

Among them:

- Think twice about using your mobile device as a hotel key recommends Shane Stevens, Director of Omni-Channel Trust & Identity Solutions at VASCO Data Security.

- Immediately stop using debit cards to check into hotels. Instead, use charge cards to protect yourself, recommends Stevens. “At this point, we are just not sure what is safe anymore,” he said.

- When you travel, bring your own router and insist that the hotel allows you to connect to it, recommends Mounir Hahad, Ph.D., Senior Director at Cyphort Labs.

The issue of free Wi-Fi has also been taken on by the Harvard Business Review in its recent article, Why You Really Need to Stop Using Public Wi-Fi. The article cites a study conducted during last year’s Republican National Convention, where a security company set up fake Wi-Fi hotspots to see how many people would log in. Stunningly, 1,200 people accessed the free Wi-Fi addresses even without knowing the source of these hot spots. Some 68 percent of those users were found to have revealed personal data such as email passwords and bank login credentials after logging in.

The article’s author, Luke Bencie, a global security consultant, also specifically cited weaknesses in using free Wi-Fi at hotels. In particular, he references a scheme called “Evil Twin” where a hacker tricks users into logging in by setting up a hotspot that mirrors the hotel name. Once the user logs in, the hacker can see all their movements as they surf the web and has access to any private data revealed during the session.

READ MORE: Hotel Guests Should be Vigilant in Wake of Data Card Breach

In the article, Bencie recommends purchasing an unlimited data plan for your mobile device and not using free WiFi, ever. Other recommendations for using public WiFi include only signing into encrypted sites that use an HTTPS (rather than HTTP) address. Also, never (ever) sign into any sites, encrypted or otherwise, that contain your financial information such as banks or shopping sites.

As hackers continue to target the hospitality industry, both on large scale and through individual attacks, it’s important that consumers take increasing care with their personal data.

Because, as Bencie writes, “falling victim to public WiFi’s dangers is a question of when, not if.”

Follow @MonicaPoling