Booking software company hack ‘under control' but impact on UK hotels unclear

28 June 2018 by
Booking software company hack ‘under control' but impact on UK hotels unclear

A hacking attack against Fastbooking, which may have exposed hotel guests' personal information and payment card details, is "under control" but it is unclear if any UK hotels have been impacted.

The Paris-based hotel booking software company, which is owned by French hospitality group AccorHotels and works with 4,000 partner hotels in 100 countries, said the "main market affected" was Japan, however it is not known if the site's UK hotel partners are among those to have fallen victim.

"A complaint has been filed with the French Information Technology Fraud Investigation Brigade (BEFTI). The main market affected is Japan and all impacted customers have been informed and dedicated support has been implemented to help them assist their guests."

Adam Brown, manager of security solutions at technology company Synopsys, said: "The FastBooking breach appears to be in conflict with GDPR Article 32 which discusses the security of data processing.

"Article 32 states that a procedure needs to be in place for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. If this was a truly niche exploit, you could also argue that FastBooking acted appropriately given the 'state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing to ensure a level of security appropriate to the risk'-as stated in Article 32.

"Then again, this breach could have involved a well-known vulnerability which could have been detected thought a vulnerability assessment. If it's identified that known vulnerable components were involved that could have been discovered and prevented through a penetration test, for instance, FastBooking can expect to have the law read back to them. It also appears that the data wasn't encrypted, or if it was, the keys weren't kept separately.

"This situation could have potentially been avoided by having a deliberate and effective software security initiative driven by the firm's leadership. However, not enough details are available as of yet to speculate on what went wrong and how it could have been handled differently."

AccorHotels acquired the group in April 2014. Fastbooking's customers include luxury and mid-range brands and hotel chains including Baglioni Hotels, Cresta Hotels and Prince Hotels & Resorts.

How to keep the hackers at bay >>

Hotel reservation system hit by security breach >>

IHG hotels hit by payment card data hack >>

Get The Caterer every week on your smartphone, tablet, or even in good old-fashioned hard copy (or all three!).

The Caterer Breakfast Briefing Email

Start the working day with The Caterer’s free breakfast briefing email

Sign Up and manage your preferences below

Check mark icon
Thank you

You have successfully signed up for the Caterer Breakfast Briefing Email and will hear from us soon!

Jacobs Media Group is honoured to be the recipient of the 2020 Queen's Award for Enterprise.

The highest official awards for UK businesses since being established by royal warrant in 1965. Read more.


Ad Blocker detected

We have noticed you are using an adblocker and – although we support freedom of choice – we would like to ask you to enable ads on our site. They are an important revenue source which supports free access of our website's content, especially during the COVID-19 crisis.

trade tracker pixel tracking