China Probes Suspected Customer Data Leak at Accor Partner
30.8.18 securityweek Incindent
Shanghai police said they were investigating a suspected data leak at NASDAQ-listed Chinese hotelier Huazhu Group, the local partner of France-based AccorHotels.
Huazhu, one of China’s biggest hoteliers, released a statement on Tuesday saying it had alerted police to reports that the company's internal data was being sold online, asking them to investigate.
Chinese media reports said the data included guest membership information, personal IDs, check-in records, guest names, mobile numbers, and emails.
Police in Shanghai said in a statement that they were looking into the case.
Huazhu's website said it operates more than 3,000 hotels in more than 370 cities in China, including the AccorHotels brands Ibis and Mercure.
Shanghai-based Huazhu formed a long-term alliance with Accor in 2014 to help the French hotel group develop the Chinese market.
Huazhu said the release of the data had caused a "vicious impact", without giving specifics, and that it was conducting an internal investigation.
The sale of personal information is common in China, which last year implemented a controversial cybersecurity law that requires services to store user data in China and receive approval from users before sharing their details.
Chinese e-commerce giant Alibaba came under fire earlier this year over its handling of user data in an episode that underscores growing concerns for privacy in the hyper-digitised country.
Alibaba's online-payments affiliate Ant Financial was forced to apologise after users said they felt misled into allowing its Alipay service to share data on their spending habits with Ant's credit-scoring arm and other third-party services.