Group items matching

in title, tags, annotations or url

This article report that sensitive data such as credit card information can be easily received through hotel wireless networks by cybercriminals due to the poor protection network. With the information, cybercriminals can make clone credit cards, which are indistinguishable from the real one and difficult to be traced. What worse is it takes months for hotels, customer and credit card companies to find out this criminal activity. Although hotels have began to step up security, this article notice that customers, especially those travel a lot, need to pay attention to their bank statement since the trend of hacker attacks didn't go down.

A relatively unsophisticated group of hackers stole millions from Subway by hacking through their poorly secured POS systems. These franchise businesses possibly failed to adhere to the standard required by Subway Corporation and failed to establish two points of entry for remote access into the POS system, making it easy for hackers to steal credit card information. These types of crimes are likely to increase in the future as hackers from around the world take advantage of sub-par security systems. Businesses can no longer concern themselves only with the sale of an item, they also need to offer a sense of security to their customers and accept the reality that cyber theft is a rising problem.

It seems everybody should check their online accounts frequently=_=

Jeremy, I can appreciate the transparency of those restaurants. I wish more businesses would be open about their security. People are wound pretty tight about money right now and need to feel that the business world does care enough to protect their information.

This article is related to IT security in hotels. Around six months back a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators met at the LodgeNet's Customer Technology Symposium in Chicago to discuss on how protecting customer data is becoming their top priority. This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott. According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information. To overcome some of these and other concerns, McBeth said hotel operators are applying the best practices detailed by the Payment Card Industry Data Security Standard (PCI DSS), which aims to address data security for businesses that handle payment cards. However, he admitted that the task of ensuring protection throughout an organization is difficult, given the number of channels where vulnerabilities could be uncovered. This being the case, it is encouraging to see some hotels are making moves to lock down their data security practices. There is clearly a great deal of work that needs to be done, but if a hotel can demonstrate it is capable of protecting customer information, it may be more likely to inspire confidence in consumers, which, in turn, could afford the hotel a competitive edge.

Its a tough task to monitor this, because at the end of the day, the responsibility is at the property level to ensure that data is secure across the board. So training employees on the importance of data security and what a breach means could go along way.

This Article deals with the hacking of Darkside the hacker group who extorted over 4 million dollars paid in bit coin, this article goes into ho w the FBI was able to get the monies paid back to the company.

The focus of this article is to point out why restaurants are targets for cyber attacks, what information hackers are looking to obtain and to identify what steps can be taken to protect consumer information. hackers target a restaurant's POS system for the large amount of bank data it may record as well as any online banking occuring in the restaurant. The personal information from employees as well as any app or website utilized by guests, is prone to cyber attacks. The most important solutions rely on conducting background checks on employees and making sure that they are trained on what to look for. Restaurants can also put practices in place that involve using unique employee numbers, keeping computers out of guests' view, and using vendors with a stellar reputation.

This article discusses a data breach that Ticketfly, a ticket booking online service, suffered due to hackers breaking in. Ticketfly is owned by major event booking company Eventbrite, and according to the article, Eventbrite failed to have adequate cybersecurity to prevent the breach, causing over 27 million customer information to be disclosed to the hackers. This just highlights the horrors that can happen when booking through a event registration software.

Hotel wifi connection can be an easy access for identity thieves to stole personal information. Several surveys have show that there are many potential risks to get attacks through hotel internet.  WiFi Hacking Crimes Are Easy to Commit The security of hotel witless networks is a big issue and can be easily attempted by hackers. People may illegally use the internet access by staying in the nearby area of a hotel. Fake access point can also cause consumers in the hotel to lose their personal information such as credit card, banking or other confidential information.  The article also offers some solutions to avoid hackers. 

Reading your article brings us back to some topics that we covered in this weeks reading. The security of hotels is important in that industry, especially when guest give out important information. Like you mentioned for example, credit cards and other confidential information that hotels need and use to process the guests into the systems. It is important that hotels protect their guests by affirming that all systems they use are well protected.

This article brings to light security threats that are transfered via hotel networks. Fake software updates are used to hide malware which is installed on the computer when the update is accepted. The FBI offers tips on how to avoid being exposed to this after data on several hundred firms was stolen by hackers. The hackers broke into Marriott International Inc.'s records and had access confidential information. This article is important because firms have the responsibility of providing security for the clients as well as themselves. It is important to be aware of threats like this and of how it can be avoided so that the firm isn't put in a bad situation and have to deal with stolen information. With mobile devices and wireless networks becoming more common these types of threats need to be taken into consideration. Most users don't read the fine print or consider where software updates are coming from, especially if it looks like the source is a hotel they are staying at. This makes it even more critical that the hotel is aware of and blocking these threat because claiming that it was done without the knowledge of the hotel may not always be enough and looks badly for the security.

The article I read was called, "Restaurants, Beware: Hackers Want Your Customer Data." In the article it talked about how cyber criminals want credit card information from people so that they can make money off of them. Criminals find new ways everyday to breach systems and steal information from guests staying at hotels or eating in restaurants. It states that many restaurants and franchise businesses use unsecure and public WiFi networks are connected to the point of sale system. "Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations." A lot of times businesses don't have trained security on staff, they just assume that their IT person will be talking care of the security. According to the article the best detection systems are neither the technology nor the security but it's the employees who work there. The employees can tell when something has changed in the system and as soon as they realize that, they need to report it to their manager. I never even considered people breaking into the systems and stealing credit card information but it does happen and it's important to know what to do in these kinds of situations.

As close to home as this hits, with a security breach at my hotel recently, I'm happy to see that companies are upgrading their systems. The Black Hat cyber security conference in Vegas had a hacker present how easy it was to gain access into a hotel room. He had less than $50 in equipment that he used to infiltrate the locks on the hotel doors. In response to this, Onity, the company whose locks were tested, came out with a plan for a "two-tier" security upgrade. This makes me feel a little bit better but at the same time, it seems like hotels aren't being proactive about protecting their customers, so maybe more hotels needs to be exploited.

I don't see this how it make anyone feel a little better, all the company is doing is giving price discounts and tightening up some locks, make it harder to pick apart. The problem is the avg their or experienced theif can take a part a lock in minuets if not seconds. Chances are you wouldn't even hear it if you were asleep, on the phone, watching TV. The system isn't very good if it can be hacked with up to 50$ of equipment

A hotel's PMS is at the core of all functions, but outside threats are becoming more common. "In a report researched by Sky High Networks, the percentage of organizations that experience at least one threat per month from data exfiltration (hackers) is 49.8%." Keeping guest information private is critical and when information is leaked it is hard for the company to gain back guest trust. It is clear that society is becoming more and more comfortable with e-commerce. This article points out that reliance on cloud based PMS systems may be the next best thing. These systems use hi-tech encryption which make it near impossible for hackers to breach. However the article says properties must choose a PMS that makes the most sense. Technology is constantly changing and jumping on the bandwagon of cloud computing may not be the best decision. Who knows what new technology will be implemented next.

This article describes one of the worst situations that could occur when operating a hotel. According to the text, Wyndham Hotel Group failed to implement a strong enough security system, resulting in hackers breaching the network and stealing over 600,000 credit card numbers and over 10 million dollars in fraudulent charges. The FTC is suing Wyndham Corporation for failing to take the proper security measures to guarantee the security of the most important customer information. The FTC also states that Wyndham used improper software configurations that presented credit card information in a manner that was clear and easy to read. Michael Valentino, spokesman for Wyndham Worldwide, the company made prompt efforts to notify those whose information had been compromised and according to Valentino, no hotel customer had experienced a financial loss as a result of the attacks.  Despite Valentino's claims, the FTC is suing Wyndham for unfair and deceptive practices in failing to protect the privacy and personally identifiable information about guests. The FTC claims that Wyndham failed to address the security failures that occurred after the first breach in 2008 and did not implement technology that could have detected unauthorized access to networks. In 2009, hackers used similar techniques to break into the network again as steal as much personal information as they could. 

This article deals with the theft that happens on a daily basis in the hospitality field. It happens when credit cards are used to pay for something, like a reservation, and thieves want the information, so they can use your credit card number for whatever intentions they may have. As the article states, "our data is under attack". I can relate to those people that have had credit card numbers stolen, because it has happened to my husband and me, and it is a horrible feeling trying to get your life back on track and recover your money.  I think it would be a great idea, with some research, to get the point to point encryption technology in a field where credit cards are used so often, not only to cover the business (hotel), but also to protect the guest, so they feel at easy when they travel on vacation or business.  The overall point of this technology is to encrypt the information as close to the point of entry, i.e. the swiping of the credit card, as possible. This would in turn "significantly reduce a merchant's card data environment", as the program would encrypt the information so that hackers cannot access the customer's information. As I mentioned earlier, questions should be asked before buying this technology, as there is always something new on the market that may be better. Credit cards are not always swiped, but can also be manually placed in the system, so you want to make sure, that both transactions are protected. Overall, the establishment should always be concerned about the customer and their safety, whether physical or mental and always be prepared for the worse.

Great article! Personally after being a victim of credit card fraud, I'm very apprehensive of where I shop, who handles my card and how long it takes them to return it. I recently cancelled a large purchased after the cashier insisted on rubbing my card number on the reciept after the transactions had be approved. In my mind, I was thinking "If I let you do that, then I've open the door for anyone to charge thousand of dollars. I don't think so." As a manager, who hands credit card numbers for manual input, I'm very cautious of them and want to insure that they don't get into the wrong hand. Aftern each transactions is approved, that number is shredded and the credit card machine is batched out. Companies don't realize how important it is to PCI compliant. The risk in exposing sensitive information of our clients and customers can cost thousand of dolllars in fines and fee, in addition to the lost of that customer/client.

Marilyn, Great Article...as a Front Desk Manager, it is my responsibility to randomly check our computers to ensure employees are not placing USB driver to collect data from our system. Our company has taking this a step further by putting metal locked case around the PC to avoid possible fraudulent activity. If we have to open a PC, we must log it to show proof why a PC became unlock. Companies should adopt similar procedures to protect the consumers/guests. Nelson

Mr. Watt, a customer who was spending his weekend at the Courtyard Marriott in Midtown Manhattan was browsing the website. He realized that there was a strange drawing appeared on the top of the web page, which did not exist before. At first, he did not pay too much attention to it, but he still determined to check source codes to see if there was anything wrong with the computer or the Internet. After checking the source codes, he found lines of code which include references to"EXG". He thought it was a hacker attack, but his IT background enabled him quickly figured out that lines of code that include EXG had nothing to do with a hacker attack, but was a service named Revenue Extraction Gateway used by RG Nets company to inject advertisement secretly without the knowledge of the users, which aims at generating revenue from the Internet access points. Mr. Matt claimed that although this service will not bring harm to the users, but the principle of the thing that upset the users most. The hotel then apologized to Mr. Watt, and promised not to use this service anymore. What I feel interesting is that I also had such problems before, and after I interviewed some of my classmates and friends, I realized that this is a pervasive problem. However, what surprised me the most is the truth that most of the hotels do not know that their hotels' internets are exposed to secret ads injection because this kind of secret service is not on the contracts that the hotels signed with the internet company. In my opinion, it is an unethical service. Customers who use the internet feels that he/she is being spied on, and for the web content creators, they could not get a cut of the revenue from this.

The Article attached to this link reports commun issues found in hotel internet networks. The author mentions a study conducted with 38 hotels. It resulted that 33 out of the 38 hotels had flaws in their network configuration and allowed the researcher to access unauthorized information via the internet. We all understand that reliable internet connectivity is a priority for guests and business travelers; however, security is a concern that can't be neglected. Another reason to be concerned is that so many softwares and applications are stored via internet. Adding a password is a simple measure that every business should consider. Network issues cold not only hinder guests but the hotel as well.

According to the research by Cornell University, most US hotels are vulnerable to hackers. There are two main reasons contribute to the issue. One is the flaws in many hotels' network topology, making it possible for customers to lose their privacy. The other is careless employees provide access information to help hackers' breach. Ogle thought that WPA encryption, VPN and training employees are good ways to solve the problems. I think that if the computer networks of hotel are weak, the guests' password, email message or other private information will not be protected, and they will even suffer loss. So it is important for a hotel to use different measures as Ogle recommended to ensure the safety of the computer network.

this article is talking about the problem on the hotel network security. a author from the Cornell university said he tested wireless network at 38 hotels at the same time. he found that most hotels were easy to break into. moreover, as long as you use the Linux distribution BackTrack and a high-power wireless card and high-gain omnidirectional antenna, you can break into the hotel guest network and then get the password, email message and the website people are viewing. importantly, this procedure just cost 100$. this is full of loopholes. hotel manager should pay more attention on this problem. at the end of the article, the author recommend a security app called Wi-Fi Protected Access encryption. this app require the guest to enter the password if the guest wants to surf the internet.also, he recommend connecting to the internet using a Virtual Private Network (VPN), having updated anti-virus and firewall software and making sure each secured website starts with "https://" rather than "http://".

The failure of hotels to properly store and transmit sensitive credit card data makes them an easy target for hackers. This article shows that in 2009 a whopping 38% of credit card theft was associated with the hotel industry. These thefts necessitate a level of uniformity for hotel security standards. The biggest key to this article is the reminder that hotels cannot be lacking in their technology security measures. The industry is based on service and must do its due diligence to protect its customers and retain their loyalty and trust.

That article is really eye opening. I couldn't help but notice the article is from a year and a half ago. I wonder how much improvement hotels as a whole have made on this front. I imagine it is significant or else I feel like we would be hearing more about it now. This really teaches you to keep a close eye on your accounts. I thought the Wyndham Hotels' spin about "sophisticated hackers" was kind of amusing. I assume someone forgot to "CYA" but they couldn't tell that to the people whose credit card information had been stolen.

I noticed the time frame as well. I would love to see a more recent article or study done. It is definetely a reminder to consumers that you cannot rely upon hotels or other industries to provide security. Consumers need to be more responsible for tracking their own actions. Hotels also need to recognize that this threat is not going to go away. They must continuously look for new attack angles. It seems to me that the very best amongst the hospitality industry are casinoes. Other hotels should use them as a model and avoid "sophisticated hackers."

What a nightmare! One of the marketing strategies to attract new guests is data mining, the process of drilling through information contained in the data warehouse and analyzing this information, such as; back ground, preferences, and demographics. Unfortunately, hackers also mine this data for customer's credit card information.

This incident has happened more likely in Asia now, especially in my country, Viet Nam. Because Viet Nam is a new development country and we did not have the system like credit score and many banks try to get customers through processing of credit cards; therefore, many information of guests has been collected into server of the bank recently. And the problem associate with that is that the security of the banking system in Viet Nam is not up to date or very loose making many data breach has been reported. I believe this is not just stop at banking industry but other industries as well as Hotel because many information has been saved there. This incident proves that technology played a very important role for all industries not just some technical related industries.

This article discusses the Federal Trade commission's actions against Wyndham Worldwide Hotels. Unsophisticated hackers breached the hotels system and obtained the credit card records of 600,000 guests, causing the FTC to claim that the hotel group did not maintain proper system security. However, several groups file a Amicus Brief that the FTC is not clear as to what security standards they require. Currently the FTC requirements "will depend on the size and complexity of the business, the nature and scope of its activities, and the sensitivity of the information at issue". This means to many in the industry that company does not know if they are maintain proper security in the eyes of the FTC until they are sued by the FTC. The article goes on to say that a company should "Review your privacy policy immediately to insure it is compliant with the most recent standards and that the data security systems in place are actually consistent with the stated policy".

Hotel industries have been under attack from excessive hacking, as seen with Hilton being targeted for private financial information from guests. In 2014, it was noticed that hackers had been targeting Hilton throughout the course of 17 weeks. They state that the industry itself has not really focused budgeting on cyber security. It seems that the process is done by integrating a virus into these hotels POS system. The virus was actively attacking the Micros program, which was being used in more than 300,000 hotels and resorts. An ultimate treasure chest for information, some of which was not even encrypted. In addition, the virus appears in the system as a legitimate software, and then it obtains over 90 percent of stored information. This hacking is being conducted by organized groups, who moved from the retail industry because it had indeed improved its cyber security. With hotels it seems that the concept has not been taken as seriously. There are many hotels susceptible to such an attack. As long as there is a sales software, then someone is looking to get into it. A person could be sitting inside of your location, and infiltrating a guests' wireless internet, and they would not even know. In order to engage this threat, locations must be proactive in attempting to stop what is occurring. The only question is, how much are they willing to invest in cyber security?