There's another major data breach to report. This time, the company in the cross-hairs operates several popular hotel chains.
Information from hundreds of thousands of guests at various hotels was compromised in the breach. Ominously, there are reports that the information is being held for ransom on the dark web.
Read on to find out which hotels may have been affected by the breach and what scams might result from it. We'll also provide you with safety tips to protect yourself from any hack.
Familiar hotels caught up in the latest data breach
A database breach at Choice Hotels has resulted in hackers stealing information from 700,000 customer accounts. The breach affected guests at several hotels, as Choice is the parent company of Clarion, Comfort Inn, EconoLodge, Quality Inn and Rodeway Inn.
The unsecured database was discovered by cybersecurity firm Comparitech and security researcher Bob Diachenko. That database, which was accessible to anyone, exposed 5.6 million records.
Choice Hotels reportedly said that the majority of the records were test data, but information on 700,000 real accounts also was in the mix. The company said the real accounts included names, email addresses and phone numbers, but no financial information.
The company said the database was being maintained by a third-party vendor. Choice Hotels has fired the vendor.
Komando.com reached out to Choice Hotels for more information on the breach but the company has not responded.
This impacted 700,000 accounts, but it could have been much worse. Along with the hotel franchises Choice owns, the company also provides services to smaller independently owned hotels.
According to Choice, the company franchises more than 7,000 hotels with 570,000 rooms in more than 40 countries.
Hacked data on the dark web
Unfortunately, the two cybersecurity experts who discovered the breach said the hacked information has already made its way onto the dark web and is being held for ransom. The person wants about $4,300 in Bitcoin to release the information.
While the stolen data did not contain financial information, people affected are being warned that they could be targeted in phishing scams via email, text or phone.
This year, a number of companies have been hit with data breaches. Most recently among major companies, more than 100 million customers were affected when Capital One's servers were breached.
Hackers took information on credit scores, credit card limits, balances, credit history, home addresses, and in some cases even Social Security and bank account numbers.
Protect yourself after a data breach
It's frustrating that while you're taking steps to protect your computer against hacks, thieves can still get the information through a major data breach at a company you do business with. You can't do anything about that, but you can contain the fallout.
Here's what to do if your information is swept up in a corporate data breach:
- Be on the lookout for phishing scams. Hackers will create emails pretending to be the affected company in hopes of getting you to click on malicious links. If the email provides a link back to the company, don't click on it. Type the company's actual URL on your browser to avoid a spoof site.
- Frequently check your bank statements for signs of suspicious activity. If you see anything strange, report it immediately.
- If you see suspicious activity on your credit cards, call your credit card company and put a freeze on your accounts as soon as possible.
- Install strong security software not just on your PC but also on your smartphones.
- Change all your passwords and don't use the same one on multiple sites. If one site is breached, it puts your accounts on other sites at risk.
If your information was hacked as a result of a corporate data breach, call the company. Be proactive and find out what the company is doing about the situation and how it will protect you from fraud.
6 ways to protect your phone from hackers, snoops and intruders
Your phone, in many ways, is your life. You use it for family communications, work-related business, and leisure time. Odds are, if someone were able to get a hold of your device, it'd be easy to learn an uncomfortable amount of personal information -- maybe even enough to blackmail you, scam you, or threaten your privacy further.