Security News > 2022 > October > No Shangri-La for you: Top hotel chain confirms data leak
Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties.
"Shangri-La Group recently discovered unauthorized activities on our IT network," states a notice from the chain that goes on to reveal that "Between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected, and illegally accessed. guest databases".
The Shangri-La Singapore and Shangri-La Apartments Singapore were also hit.
Which is where things get interesting, because from June 10 to 12 this year the Singapore hotel hosted the "Shangri-La Dialogue", an event that bills itself as Asia's leading defense conference.
It's unclear if any or all of the dignitaries at the event stayed at the hotel and therefore had their details registered in the database that was illegally accessed.
Or perhaps whoever attacked the database just wanted to get the credit card numbers of the kind of people who can afford to stay at a Shangri-La hotel: The Register visited the hotel's booking page and found the cheapest room for tonight costs $333.80, but suites are also available at an eye-watering $10,541.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/05/shangri_data_leak/
Related news
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)