Tag Archives: Information

by | November 25, 2013 · 7:09 am

Hospitality Industry Technology Solutions: Hotels Increase Collection Of Guest Information With Social Media & Surveys To “Upgrade The Experience”

“…Like other luxury hotels, the Peninsula collects a cache of information about its customers, which is stored in a guest-preference database. Hotel Technology SolutionsBut it’s done with only one purpose: to upgrade the experience. It contains information about your favorite food, your preferred room and what side of the bed you sleep on…Experts will tell you it’s unfair to compare a hotel with a few hundred guests with a chain with tens of thousands. Maybe, maybe not. La Quinta Inn & Suites recently used a feedback-management platform to harvest information through social media and surveys to determine what guests thought of its breakfasts, which are included in the price of their stay…”

Airlines, car rental companies and hotels ought to spy on their customers more often. Collecting information about you to improve customer service — and only for that purpose — could return the American travel business to greatness.

That’s no coincidence, says Offer  Nissenbaum, managing director of the Peninsula Beverly Hills. “If you collect all the little details,” says Nissenbaum, “you can meet and exceed a guest’s expectations.”

Actually, figuring out which side of the bed you sleep on seems to be one of the hottest data points in the hotel business. The Ritz-Carlton, which also delivers  above-and-beyond service, notes your preferred side, says spokeswoman Allison Sitch. Why? Because that’s  where the staff will place a water bottle and other amenities, which means a lot when you roll out of bed in the morning.

The volume of data being collected by luxury hotel chains such as Ritz-Carlton or Peninsula might make an NSA agent blush. But the hotels gather it unapologetically, “as long as the data is being used to make the customer happy,” says Sitch.

The insights were sent directly to front-line employees and managers  for their feedback. La Quinta responded by adding signs and more prominently displaying the healthy foods they already offered, and customer approval rose.

For more:  http://www.usatoday.com/story/travel/2013/11/24/airline-car-rental-hotel-traveler-surveillance/3692017/

Comments Off on Hospitality Industry Technology Solutions: Hotels Increase Collection Of Guest Information With Social Media & Surveys To “Upgrade The Experience”

Filed under Guest Issues, Management And Ownership, Risk Management, Technology

Tagged as , , , , , ,

by | February 18, 2013 · 7:09 am

Hospitality Industry Information Security Risks: Hotels, Restaurants And Retailers Accounted For 78% Of “Data Breaches By Cyber-Criminals” In 2012; “Weak Or Guessable Passwords” Is Most Common Vulnerability

“…Almost one-third of all victims had critical systems administered by a third party…Attackers had no trouble exploiting that weakness, with vulnerable remote-access systems accounting for the method of entry in 47 cybercrime in hotelspercent of the cases…in most cases, users – not software vulnerabilities – were to blame. Almost 90 percent of systems had weak or easily guessable passwords, with “Password1″ continuing to be the most common, according to Trustwave’s report…”

An analysis of breach data for 2012 found that retailers and the hospitality industry continued to command the most interest from cyber-criminals, accounting for 78 percent of the breaches documented by security services firm Trustwave.

The businesses are typically easy targets, having outsourced the administration of important servers and business data to firms that focus more on keeping the systems functioning than on security, says Christopher Pogue, director of digital forensics and incident response for Trustwave’s SpiderLabs.

“An integrator may have 1,000 customers and may do remote administration for all of them using, not 1,000 passwords, but maybe two or three,” Pogue said. “That leaves a vulnerability that can be exploited by attackers.”

For more:  http://www.techweekeurope.co.uk/news/retailer-hotel-crime-107589

Comments Off on Hospitality Industry Information Security Risks: Hotels, Restaurants And Retailers Accounted For 78% Of “Data Breaches By Cyber-Criminals” In 2012; “Weak Or Guessable Passwords” Is Most Common Vulnerability

Filed under Crime, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , ,

by | October 29, 2012 · 7:00 am

Hospitality Industry Information Security Risks: Report Shows "Computer Password Theft" Has Increased Dramatically As Users Fail To Make Complex Passwords; Cybercrime Now Totals $110 Billion Annually

“…Only about half of computer users make complex passwords for themselves…In the first six months of 2012 alone, hackers stole over 30 million passwords on hacks of just three online services: eHarmony, Zappos and lawyer-friendly LinkedIn. Another recent survey, unconnected to the Norton survey, concurrently found that password theft is up 300 percent in 2012…”

The 2012 Norton Cybercrime Report is now out and it points to an incomprehensible laziness on the part of American computer users when it comes to using passwords.

According to this report, nearly three-quarters of adults have been the victim of a cybercrime (averaging a little under $300 per incident), totaling over 70 million people. The worldwide annual total of cybercrime is estimated at $110 billion.

That is coupled with two other problems: people use the same password for multiple functions, and people use passwords that are, in and of themselves, too simple.

The Norton survey was conducted with 13,000 adults in 24 countries. It found that nearly half of those responding do not use a password that combines phrases, letters, numbers, capitalized letters, lower case letters and symbols, which create complex passwords that are far more difficult to hack than passwords that do not have those things.

The survey showed that nearly a third of all respondents have been notified by an email service, social network, or bank to change their passwords. The bank figure—13 percent––is particularly alarming, implying that nearly one in eight people have had their bank account passwords compromised.

Seventeen percent of people store passwords to other accounts inside another password-protected account. Once one password is stolen, the keys to those other accounts are included.

More? A report out the last week of September found that one in 10 people had “1-2-3-4” as their four digit password. My guess is that a substantial number also have “1-1-1-1” and “0-0-0-0” as well.

For more:  http://www.akronlegalnews.com/editorial/5202

Comments Off on Hospitality Industry Information Security Risks: Report Shows "Computer Password Theft" Has Increased Dramatically As Users Fail To Make Complex Passwords; Cybercrime Now Totals $110 Billion Annually

Filed under Crime, Guest Issues, Insurance, Maintenance, Management And Ownership, Risk Management

Tagged as , , , , ,

by | April 19, 2012 · 6:43 am

Hospitality Industry Theft Risks: Man Arrested For Using Fraudulent Credit Card Information At California Hotels; Police Seize $32,000 Worth Of Cashier's Checks

“…(the man) was arrested on suspicion of using fraudulent credit card information at hotels and resorts in Laguna Beach, Costa Mesa and Dana Point…between Feb. 15 and April 12…”

“…it was common for Larson to give his hotel room to someone else before the end of his stay and move on to another hotel…”

Harold Eric Larson, 36, of Orange was arrested April 12 at the Costa Mesa Marriott, where detectives seized documents, hotel booking information and $32,000 worth of cashier’s checks from 39 different accounts.

Larson is facing charges of burglary, identity theft, grand theft and credit card fraud, said Laguna Beach police Sgt. Robert Rahaeuser.

According to court records, Larson pleaded not guilty Monday to 20 felony counts.

Laguna police first got a tip March 2 that Larson was committing fraud at a Laguna resort.

For more:  http://www.dailypilot.com/tn-cpt-0420-larson-20120417,0,413551.story

Comments Off on Hospitality Industry Theft Risks: Man Arrested For Using Fraudulent Credit Card Information At California Hotels; Police Seize $32,000 Worth Of Cashier's Checks

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft

Tagged as , , , , , ,

by | March 1, 2012 · 1:24 am

Hospitality Industry Information Risks: Hotel's Store "Enormous Amounts Of Data" That Is Never Used; 100% At Risk And 0% Value

“…companies can go a long way toward reducing their exposure to significant losses resulting from a security breach by putting themselves on a “data diet…There is an enormous amount of information that we never use, but we never get rid of. It’s 100% risk and 0% value. As a risk manager, that’s the scariest equation you’re ever going to hear…”

While there is no way for companies to completely eliminate the risk of data breaches and cyber attacks, there are several steps they can take to reduce their potential financial and reputational losses, a panel of experts said Thursday at the third annual Business Insurance Risk Management Summit®in New York.

“The fact is that you’re going to be attacked. That’s the reality,” said Alan Brill, senior managing director of secure information services for New York-based Kroll Inc. A well-crafted cyber risk management program need not be wildly expensive or complex, Mr Kroll said, but should at least strive for “commercially reasonable levels” based on company size and industry.

For more:  http://www.businessinsurance.com/article/20120229/NEWS06/120229881?tags=|338|299|302|342|303|335

Comments Off on Hospitality Industry Information Risks: Hotel's Store "Enormous Amounts Of Data" That Is Never Used; 100% At Risk And 0% Value

Filed under Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,

by | December 14, 2011 · 6:21 am

Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

“…Seventy-three percent of small-to-middle-sized companies experienced a cyber attack in 2010, and 30% of those attacks were extremely effective, according to Symantec, a software security developer based in Mountan View, Calif…”

“…estimates are that this year…the cost associated with each breach has gone up to $214 per record…Negligence is a big issue,” “

With the increase in worldwide cyber crimes, smaller private businesses may be more vulnerable than larger ones, said an executive of Chubb Group of Insurance Companies. “It’s the perfect cyber storm,” said Ken Goldstein, vice president of the Chubb Group of Insurance Companies. “We’re in a bad economy; we’ve got private companies, generally small to middle in market size, that are strapped in what they can spend on intellectual property protection,” he said.

At the same time, he said, new technology means “cyber thieves can essentially hack from anywhere around the globe.”

Cyber crimes can do serious harm to an organization’s bottom line. According to Ponemon’s, the median annualized cost of cyber crimes for the 50 organizations studied was $5.9 million, with a range of $1.5 million to $36.5 million. This represents a 56% increase since last year.

“Multiply that by the number of customers that you service; it could be a sizable amount of money that a company would have to pay out of pocket,” Goldstein said.

The most costly cyber crimes are those caused by malicious code, denial of service, stolen devices and Web-based attacks, Goldstein said. Besides deliberate cyber theft, Goldstein says company information loss sometimes is a byproduct of employee negligence. An employee losing their mobile device at a hotel or restaurant, for example, could lead to a breach, he said.

For more:  http://www.fa-mag.com/fa-news/9382-smaller-private-companies-at-greater-risk-of-cyber-attack-.html

Comments Off on Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology

Tagged as , , , , ,

by | November 24, 2011 · 6:47 am

Hospitality Industry Information Security: Hotel Chain Computer System Hacked By Man Who Threatened To Reveal Confidential Information If He Was Not Hired For IT Position

“…an infected email attachment (was) sent to some Marriott employees to install malicious software on the company’s system that gave him a “backdoor” access to proprietary email and other files…”

“…Nemeth sent an email to Marriott staff on November 11 last year, informing them that he had been accessing Marriott’s computers for months and had obtained proprietary information… He threatened to reveal the information if Marriott did not give him a job maintaining the company’s computers…”

A Hungarian citizen has pleaded guilty to stealing confidential information from the computers of Marriott International, and threatening to reveal the information if the hotel chain did not offer him a job maintaining the company’s computers, the Department of Justice said.

Attila Nemeth, 26, pleaded guilty in a US court, according to a statement by DOJ. He was detained after he travelled to the states on a ticket purchased by Marriott for a fictitious job interview.

As he had not received a response from Marriott, Nemeth sent another mail on November 13 containing eight attachments, seven of which were documents stored on Marriott’s computers. The documents included financial documentation and other confidential and proprietary information, the DOJ said.

A US Secret Service agent, using the identity of a fictitious employee of Marriott, communicated with Nemeth on November 18, who continued to call and email the undercover agent demanding a job to prevent the public release of the documents, according to the plea agreement. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to America, according to the DOJ.

For more:  http://news.techworld.com/security/3320672/marriott-hotel-chain-hacked-by-disgruntled-job-seeker/

Comments Off on Hospitality Industry Information Security: Hotel Chain Computer System Hacked By Man Who Threatened To Reveal Confidential Information If He Was Not Hired For IT Position

Filed under Crime, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , ,

by | November 5, 2011 · 5:20 am

Hospitality Industry Information Security: New York Hotel Employee Charged With "Stealing 237 Guest Credit Card Accounts" Totaling Over $800,000 In Fraudulent Purchases

“…A New York City hotel chain auditor has been charged with stealing hundreds of guests’ credit card information and selling it to a man accused of using it to buy $840,000 worth of airline tickets and other items…”

Lukasz Kruk and Barry Herndon pleaded not guilty to grand larceny, identity theft and other charges Friday. The Manhattan district attorney’s office says 237 accounts were compromised over three years.

Prosecutors say Kruk was an auditor for the Amsterdam Hospitality Group and had access to guests’ credit card data. They say Herndon bought tickets for himself and other people with information Kruk took.

Amsterdam Hospitality Group runs eight boutique hotels in New York City, Asbury Park, N.J., and Charlotte, N.C. Its representatives haven’t responded to a request for comment.

For more:  http://www.businessweek.com/ap/financialnews/D9QQ75581.htm

 

Comments Off on Hospitality Industry Information Security: New York Hotel Employee Charged With "Stealing 237 Guest Credit Card Accounts" Totaling Over $800,000 In Fraudulent Purchases

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Theft

Tagged as , , ,

by | July 5, 2011 · 8:22 am

Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

“..security breaches are still happening at an even more significant pace with more damaging results.  In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”

“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…” 

One solution that is emerging to this problem is to carefully monitor everything (e.g. every key stroke and every mouse click) that a privileged user does on the network, while also putting more granular limits on what they can do.  Basically “trust but verify,” with the goal being detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?).  This is not uncommon as it relates to other privileged users in other jobs — the “Eye in the Sky” in the casinos in Las Vegas is equally monitoring the gamblers for cheating but is also monitoring the dealers, and at a bank the CCTV is not only looking for robbers but the teller slipping some money in their pocket.

Instructive of the value of this new approach is that immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium.  Netwitness is known for analyzing user activity monitoring at the network layer.  In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.

For more:  http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/

Comments Off on Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | April 4, 2011 · 8:22 am

Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

In addition to the banks, other impacted companies included hotel brands Ritz-Carlton Rewards and Marriott Rewards, and retail heavyweights Home Shopping Network, Walgreens, Brookstone, New York & Company and Kroger. TiVo is also included in this list.

“…customers should “exercise extreme caution,” as email addresses are all cyber-criminals need to initiate a phishing attack. Users can expect to see more spam, and should be vigilant about email offers that ask for personal information or have links to other sites that ask for personal information.”

Many of these phishing attacks tend to take the form of security alerts—informing users that their accounts have been compromised and they should verify their log-in credentials to reset their accounts—or direct marketing scams promising special deals that require a credit card number.

Epsilon, a large email marketing services company with a roster of A-list clients, reported a data breach that is impacting practically anyone who has ever signed up to receive a retail offer or alert through its email account. The company warned that thieves may use the information to launch a phishing campaign to trick users into disclosing more critical data.

On March 30, Epsilon detected “an unauthorized entry” into its email system. During this time, a subset of clients’ customer data was exposed. Epsilon only has the information of people who opted-in to receive marketing emails, and the theft was limited to email addresses and customer names, according to the company.

“A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway,” Epsilon said in a terse statement on April 1.

“Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses,” used books retailer AbeBooks wrote in a message to customers on April 3.

For more:  http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Hits-Banks-Retail-Giants-154971/

Comments Off on Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

Filed under Crime, Guest Issues, Maintenance, Management And Ownership, Risk Management, Technology

Tagged as , , , ,