So You Think Your Cards Are Safe? Mistakes Happen!

data breach personal data Nov 11, 2020

Just when we thought we had all recovered from the Marriott data breach, up pops Prestige Software, a Spanish software developer, who have put at risk possibly 10 million sets of transaction data going back to 2013.

You can read about it here - https://www.infosecurity-magazine.com/news/hotel-booking-firm-leaks-data/

Why Does This Matter?

First, it's not a malicious attack.  This one was caused by the most common method.  Someone made a mistake.

Mistakes happen.  In this case, someone misconfigured an Amazon AWS server.  For those of you who neither know nor care what that is, it's the computers on which much of our online activity is stored.  They are quite complex things.  Most of your technology data processors run their stuff on something similar.  It's all well and good as long as you employ people who know what they're doing and you have effective security and work monitoring in place.

Someone either didn't know what they were doing or someone made a mistake.  Nobody was checking.  It exposed data used by Agoda, Expedia, Booking.com and Hotels.com.

Is your hotel connected to any of those?

Second, it risked the exposure of a LOT of hotel guest personal data:

  • Full names
  • Email addresses
  • National ID numbers
  • Phone numbers
  • Credit card details, including card number, name on card and CVV number

That's quite a haul.  Fortunately the risks were exposed by Website Planet, who appear to be good guys.  They contacted AWS and informed them of the problem.  It appears to have been fixed.

If you are using technology in your hotel - and you should, recovery is going to rely upon technology - what sort of shape is your vendor management in?

You see, as a data controller you might find yourself responsible for the mistakes your technology partners make.

If your vendor management isn't up to much, they make the honest mistake, you carry the can.

 
