Fastbooking Hack Leaves Japan Hotel Red-Faced
28.6.18 securityweek Incindent
A Japanese hotel chain has apologised after more than 120,000 items of customer information were stolen in hacks of its reservations handled by French company Fastbooking.
Prince Hotel, a major Japanese hotel operator, said the breach occurred when hackers attacked Paris-based Fastbooking, which manages its foreign-language bookings.
A Fastbooking spokeswoman confirmed that the company had been hacked on June 14 and had not detected the attack until June 19.
"All of our markets have been affected but this represents a minority of our customers," she said.
She declining to say how many hotels were affected, but said Japanese data made up a large proportion of the hacked information.
Fastbooking, a subsidy of French multinational AccorHotels, handles reservations for some 4,000 hotels in 40 countries.
Prince Hotel said the server for its English, Chinese and Korean-language websites was hacked twice earlier this month and a total of 124,963 items of information such as names, credit card numbers and addresses were stolen.
"There was unauthorised access to the servers of Fastbooking in France," the hotel said in a statement.
The hotel said names, home addresses, phone numbers and other personal information of customers who had booked rooms between May and June 2017 were taken, and that credit card numbers were stolen from customers who had made reservations before August 2017.
Prince Hotel president Masahiko Koyama apologised and bowed deeply at a press conference on Tuesday.
"We're deeply sorry for causing great concern and trouble," he said.
The hotel chain said it was suspending its websites until it could ensure their security.