Wyndham’s well-publicized legal woes relate to not just one but three data security breaches. These incidents resulted in more than $10 million in unauthorized charges to consumers’ credit cards. To make matters worse, Wyndham’s board of directors has been hit with a lawsuit from the company’s shareholders for inadequate security practices. This particular case is making its way through New Jersey courts.
White Lodging, a hotel owner, developer and management company, was the target of hackers who stole customer credit card data over the course of nine months. These cyberattacks exploited point-of-sale systems in hotel restaurants and lounges.
Other recent breaches in the hospitality industry have resulted from an authorized user’s stolen login credentials and from accidentally downloaded malware. All of these incidents underscore the hospitality industry’s vulnerability to security breaches. In fact, research has shown that 55 percent of all credit card fraud originates in hospitality.
Why is hospitality data vulnerable? In some cases, franchisees assume the franchisor is responsible for data security and vice versa. This assumption has led to a dispute between Wyndham and operators in its Super 8 chain. Wyndham claims these hotels are independently owned and operated and should be responsible for their own data security. In this case, both sides are pointing fingers while neither side seems to be guaranteeing security. A lack of a standardized industry business model is partly to blame.
Many smaller operators in the hospitality industry, like most small businesses in general, lack the in-house staff and expertise to implement and manage a sophisticated data security solution. The volume of transactions that take place online through both hotel websites and online reservation portals makes security enforcement that much more complicated. The large amounts of data that are constantly transmitted and collected can be difficult to manage and secure, and customer data is often saved in guest room computers that are vulnerable to attack.
The impact of even a single reported data breach cannot be overstated. In an ultra-competitive industry, consumers who lose trust in one company can easily find another option. Victims of a security breach can take, and have taken, legal action. Even if they don’t win, a legal battle – and a public relations battle – can prove costly. Also, the courts have indicated that the Federal Trade Commission (FTC) has the authority not only to regulate corporate data security practices, but also to penalize those organizations whose data security practices are inadequate.
Operators should take the following steps to improve data security:
- Develop a policy and best practices for maintaining data security.
- Make sure vendors are following proper data security practices.
- Monitor networks and databases for suspicious activity.
- Minimize the amount of data that is collected and stored.
- Follow all data encryption standards.
- Strengthen access controls.
- Restrict access to sensitive data.
- Educate employees about the importance of data security and the consequences of a breach.
Atlantic-IT.net, your outsourced IT department, specializes in implementing and managing IT solutions for the hospitality industry. Let us help you evaluate your existing infrastructure and determine what steps should be taken in order to improve your security posture.