When you’re traveling, hotels are supposed to be your place of refuge. After all, it feels comforting to have a secure and familiar place of rest in a new location.
Whether we like it or not, we place a great deal of trust in hotel staff to protect or privacy. We leave our belongings out while housekeeping tidies up, we trust the room is free of bugs, and we expect hotel staff not to spy on us with hidden cameras. In many ways, hotels put us at the mercy of our hosts.
But how about digital trust? Can we rely on hotels to protect our digital privacy the same way as our physical privacy? As it turns out, data security is not an included amenity for many hotel chains.
How do hotels leak personal data online
A study released by Symantec, makers of the famous antivirus program, revealed that two out of three hotel websites have accidentally leaked booking details and personal data to third parties.
Hotels use web-based booking services to make reservations more convenient for guests and simpler for employees. Managing guest records, including passport information, email addresses, credit cards and full names, is much easier when you harness a digital database to do the heavy lifting.
However, because these databases receive information through an internet connection, this makes them as vulnerable as anything else online to hackers and bad actors.
According to Symantec’s study, data compromises typically happen when hotels email your booking confirmation back to you. This data, for many hotel chains, is not encrypted or hosted in a secure location.
In fact, the data is often shared with third-party service providers such as social networks like Facebook and advertisers across the internet. The intent, apparently, is to tailor advertisements to your travel needs and location. A likely story, as always.
Will I be affected by hotel data leaks?
As it stands, Symantec reports that cybercriminals are mostly interested in high-ranking business professionals and government employees. These kinds of targets typically have higher value information or finances to compromise, so ordinary travelers and pleasure-seekers are not a priority for criminals targeting hotels.
That being said, there are some best practices you can take to keep your data secure when booking hotels as well as traveling abroad. For starters, making sure you aren’t logged in to Facebook while you book tickets prevents any transmission of data to its servers via unsecured connections.
Otherwise, booking your rooms while in a private browser window (like Chrome’s Incognito Mode) will at least stop existing ad trackers from making the link between your booking and your other browsing habits.
When it comes to receiving confirmation for your booking, a good suggestion would be to make an alternative email address that you use only for travel related exchanges. This email address can be separate from your main account and doesn’t have to include personal information in the settings like your name and address.
A safe place to stay?
Since cybersecurity is becoming an ever-present concern for companies, hotel chains are in the process of complying to data safety laws enacted by governments. The EU recently passed the General Data Protection Regulation, which several hotels claim their systems will soon be compliant with.
Until we know for certain that our hosts have our best digital interests in mind, the best thing you as a traveler can do is be aware of your online presence. Don’t just look at whether your hotel room seems nice or affordable.
The quality of a hotel’s website can be a telltale sign of a security risk. If the website you’re booking through seems defunct or sketchy, that’s a red flag for unsecured connections.