Emerging Threats

Massive data breach hits hospitality giant. Up to 500 million guests affected — Here’s what you can do

Authored by a Symantec employee


A large hotel brand has announced one of the largest corporate data breaches in history. The personal information of up to 500 million guests was potentially exposed due to unauthorised access to company’s guest reservation system.

The exposed personal information includes some combination of name, mailing address, email address, date of birth passport numbers, and other sensitive information.

Am I affected by the data breach?

About two thirds of the company’s customers are potentially affected by this breach. If you are customer, you may be affected. The company began sending emails to customers affected by this breach on a rolling basis on November 30, 2018. The email does not contain attachments or requests for personal information, including passwords. Be on the lookout for such an email. It may take a while to receive such an email due to the volume of potentially affected customers.

If I know I am affected, what should I do?

The company advised its affected customers to monitor their accounts and bank statements for suspicious activity. It also warned to be vigilant against third parties attempting to gather information through phishing attacks.

Here are some steps you can take to help protect yourself if you think this data breach may have exposed your information.

  • Change any passwords that use the same login information as those used in your hotel accounts.
  • Watch for communications from companies that had recent data breaches
  • Monitor news reports about this breach, watching for new developments.

What could go wrong?

Cybercriminals could commit a variety of crimes using the stolen data. For instance, sensitive information like date of birth, address, passport numbers, can be combined to sign up for services in your name, potentially leaving you out of pocket.

Can you prevent a data breach?

There isn’t much you can do to prevent a data breach.

But there are some important things you can do to help protect yourself in other ways. It’s a good idea to consider investing in a comprehensive cyber security solution to help protect your devices and personal information.

What else can I do?

Find out what rights your jurisdiction gives over your personal data. The large hotel brand has a call centre to help answer your questions in multiple languages. Click here for more information.

Your privacy at stake

With the advantages of living in a connected world comes the disadvantage of losing your privacy to bad actors. Cybercriminals can target many commercial industries as they try to take advantage of travellers who may not be vigilant to the risks.

Data breaches can affect anyone, so it helps to be aware of what precautions to take when going online.

Norton Security helps protect your devices and the information on them. It provides real-time protection against existing and emerging malware, ransomware and viruses. Norton Secure VPN helps encrypt the information you send and receive when using public Wi-Fi.

Norton Secure VPN also enables you to browse anonymously and access your favourite content on the go with bank grade encryption. Now you can pay bills, check your email, and interact on your social network — in a cafe, airport or hotel —helping to keep your personal information and online activities private. You can also enjoy your favourite apps and websites, on the go with our no-log VPN.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.