- CyberNews researchers have discovered a huge data breach
- The data set contained information from more than 24 million customers. It probably belonged to the Honotel hotel chain.
CyberNews researchers discovered a leaked data set containing more than 24 million hotel records, including names, emails, phone numbers, and detailed stay information such as arrival time, number of guests, and location. price paid.
There are strong indications that the data set belongs to Honotel Group, a French hotel management and investment company.
The data specifically mentions ‘SITE HONOTEL’, researchers confirmed, as well as booking platforms such as Booking.com, suggesting that the leaked database could be part of Honotel’s reservation management system.
Guests at risk
Investigators discovered the suspected Honotel breach on October 4, 2024, and the breach was closed on October 7, 2024, so the organization at least acted quickly once the disclosure notice was sent.
It’s unclear how long the data was available, or if the threat actors discovered or stole anything, but the information was discovered on an unprotected Elasticsearch server and a Kibana interface.
This puts both the client and the company at risk. For the customer, the risk when personally identifiable information (PII) is compromised is the risk of fraud and identity theft, as malicious actors can use the data to obtain loans, bank accounts or even develop social engineering attacks against the victims.
For the company, like FTC fines, European companies face GDPR regulations that could mean penalties of up to 4% of a company’s global annual revenue if security best practices are not implemented to protect the PII.
This comes shortly after major incidents led the FTC to order hotel chains Marriott and Starwood to implement stronger security measures after 344 million customers were exposed in a massive data breach. Marriott’s systems were exposed for up to four years, earning the company a $52 million fine from the FTC in 2024.
