Shangri-La Guest Database Hacked

2 months ago 10

Shangri-La Group issued an announcement connected its authoritative website connected Sept. 30, stating that its 8 hotels were recovered to person been hacked by nonrecreational cyber attackers, bypassing the group’s information monitoring system, and aft investigation, it was recovered that the interaction accusation of immoderate guests was leaked. The radical apologized to the affected customers and emphasized that the incidental did not impact the wide cognition of the hotel. The Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) said connected Oct. 1 that the personal data of much than 290,000 Hong Kong customers whitethorn person been affected and a compliance cheque has been launched.

Brian Yu, Senior Vice President, Operations & Process Transformation of Shangri-La Hotels and Resorts, issued a announcement to the members of the edifice radical connected Oct. 1, saying that aft unauthorized activities were discovered successful the hotel’s IT network, a web information adept has been appointed instantly to analyse the anomaly.

It was recovered that betwixt May and July this year, nonrecreational cyber attackers bypassed its IT information monitoring strategy and illegally accessed the hotel’s impermanent database, involving 8 of its hotels:

. Island Shangri-La, Hong Kong
. Kerry Hotel, Hong Kong
. Kowloon Shangri-La, Hong Kong
. Shangri-La Apartments, Singapore
. Shangri-La Singapore
. Shangri-La Chiang Mai
. Shangri-La Far Eastern, Taipei
. Shangri-La Tokyo

The radical besides said that the affected edifice database contained a operation of information including impermanent names, email addresses, telephone numbers, postal addresses, rank numbers of its club, booking dates, and institution names.

In the applicable notice, the radical assured members that accusation specified arsenic passport numbers, ID numbers, dates of birth, recognition paper numbers, and expiry dates are encrypted and protected.

The radical emphasized that it had taken each indispensable measures to fortify the information of its networks, systems, and databases, and advised customers to enactment alert against immoderate suspicious enactment oregon notifications.

Shangri-La volition supply affected guests with a escaped one-year idiosyncratic information monitoring work to show whether idiosyncratic information whitethorn look connected the Internet, societal media, and nationalist databases.

This is an optional service. Customers who are affected tin spell to the applicable website and registry with the idiosyncratic codification provided connected the email earlier Dec. 31. Relevant accusation tin besides beryllium recovered connected the applicable webpage.

PCPD said connected Oct. 1 that it received a notification of a information breach from Shangri-La (Asia) Limited connected Sept. 29. The PCPD noted that determination whitethorn beryllium much than 290,000 section customers’ idiosyncratic accusation being affected.

Taking into relationship the quality of the mishap and the ample fig of radical affected, the bureau has launched a compliance cheque of the incident.

PCPD expressed its disappointment that the radical lone notified the bureau and applicable customers 2 months aft it had go alert of the incident.

PCPD besides pointed retired that nary inquiries from the nationalist regarding the incidental person been received truthful far.

Terence Tang