Luxury hotel chain Shangri-La suffered a security breach

Pierluigi Paganini October 01, 2022

The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised.

The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July.

The incident impacted hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokio, the company launched an investigation to determine what data had been stolen by the attackers. The company notified authorities and potentially impacted guests.

A statement published on September 30 by the hotel chain on its website revealed that the company has “recently discovered unauthorised activities” on its IT infrastructure.

A “sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed the guest databases”, reads the statement.

“Certain data files were found to have been exfiltrated from these databases but the investigation has not been able to verify the content of these files,” continues the statement. “The databases contained guests’ contact information but personal information such as dates of birth, identity and passport numbers, and credit card details, was encrypted.”

Shangri-La

Experts pointed out that the Shangri-La hotel in Singapore hosted Asia’s top security summit between June 10 and 12 in the same period the hack took place.

Asked whether the Shangri-La Dialogue was the target of the hackers, a hotel spokesman told Singapore’s Straits Times newspaper there is no evidence to support this hypothesis.

“There is no evidence to suggest any specific hotel or event was singled out. As a matter of policy, we do not disclose information about our guests.”  said the spokesman.

“Data related to the Shangri-La Dialogue was stored on a separate secure server and was not affected in this incident,”

“Data related to the Shangri-La Dialogue was stored on a separate secure server and was not affected in this incident.”  said a spokesman at the event organiser, the International Institute for Strategic Studies (IISS).

The hotel chain states that it is not aware of any abuse of stolen guest data.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Shangri-La hotel)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment