Shangri-La Hotel was hacked, personal information of 290,000 Hong Kongers affected

The network system of Shangri-La Hotels Group was attacked by hackers from May to July this year, and the personal information of customers, including names, telephone numbers, mailing addresses, etc., was leaked from its three hotels in Hong Kong. However, it was disappointed that the Office of the Privacy Commissioner for Personal Data was not notified by the hotel until last Thursday. The hotel apartment now is trying best to do data disaster recovery to release the lost.

The PCPD estimates that as many as 290,000 Hong Kong customers may be affected, and has launched an investigation into the incident, calling on customers to pay attention to whether there are unusual records in their accounts and transactions.

Shangri-La Hotels and Resorts published an information security incident announcement on its website the night before (30th), admitting that eight of its hotels had been intruded by professional cyber attackers earlier, bypassing the information technology security monitoring system, resulting in the leakage of some guests and contact information. Affected customers apologize.

Shiba Hotel Hong Kong accounts for three

Of the eight hotels involved, five are located in Singapore, Bangkok, Chiang Mai, Taipei and Tokyo, and three are in Hong Kong, including Island Shangri-La Hong Kong, Kerry Hotel Hong Kong and Kowloon Shangri-La Hotel Hong Kong. The group stated that it has notified relevant agencies, emphasizing that the incident did not affect the operation of the hotel, and has taken measures to strengthen the security of the information technology network.

Suspected leaked data files, including guest name, phone number, email address, mailing address, membership number, booking date and company name, but the hotel group guarantees that the guest’s passport number, ID number, date of birth, credit card number and The information such as the expiration date is encrypted and protected, and there is no evidence that it has been disclosed or used improperly.

The Office of the Privacy Commissioner for Personal Data said yesterday that it received a notification from Shangri-La (Asia) Limited on the evening of last Thursday (September 29). The Office has noticed that the personal data of over 290,000 Hong Kong customers may be affected. The nature of the incident and the number of people affected are large. A compliance review has been launched on the incident, and citizens who have stayed at the hotel involved are urged to be more vigilant. If they suspect that their personal data has been leaked, they can make inquiries or complaints to Shangri-La and the Office.

Privacy Office criticizes late notification

The Commissioner’s Office stated that it was disappointed to note that Shangri-La only formally notified the Commissioner’s Office and notified the relevant customers more than two months after it became aware of the accident. The hotel group admitted that it had discovered abnormal activities in the information technology system as early as July this year, and immediately appointed cyber security experts to investigate. Affected guests to issue a notice, but did not give a positive explanation for why the Office was notified two months after the incident.

Information technology expert and founder of the Hong Kong Smart City Alliance, Yang Quansheng, estimated that hackers may have sent emails and added “phishing programs” to hyperlinks to steal information from hotel systems. Customers who are concerned about the leakage of their personal information can pay more attention to their accounts and personal emails to see if there are any unusual login records. He also said that since the hotel has encrypted the credit card number and expiration date and other information, even if the hacker successfully steals the file, it is not easy to obtain the password to open it, and customers need not worry too much for the time being.

As a result, businesses and individuals must take strong measures to safeguard data. To avoid all threats, information may be backed up for disaster recovery. Information security software is now widely available and simple to use. Take into account the selected virtual equipment backup strategy. Virtual machines may run many operating systems at the same time, conserving both physical and digital resources. VMware Backup, Xenserver Backup, Hyper-V Backup, and other digital machine backup technologies are now widely utilized.