The Shangri-La hotel group has disclosed a data breach in which the threat actors had access to a database containing the PII of customers.
The incident impacted 8 hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokio, the company launched an investigation and notified authorities and potentially impacted guests.
As per the statement the company says “recently discovered unauthorised activities” on its IT infrastructure. A sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed the guest databases.
Certain data were found to have been exfiltrated from these databases but the investigation has not been able to verify the content of these files. The databases contained guests’ contact information but personal information such as dates of birth, identity and passport numbers, and credit card details, was encrypted.
Experts pointed out that the Shangri-La hotel in Singapore hosted Asia’s top security summit between June 10 and 12 in the same period the hack took place.
The hotel chain states that it is not aware of any abuse of stolen guest data.