Luxury hotel chain Shangri-La suffered a security breach

The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised.

The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July.

The incident impacted hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokio, the company launched an investigation to determine what data had been stolen by the attackers. The company notified authorities and potentially impacted guests.

A statement published on September 30 by the hotel chain on its website revealed that the company has “recently discovered unauthorised activities” on its IT infrastructure.

A “sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed the guest databases”, reads the statement.

“Certain data files were found to have been exfiltrated from these databases but the investigation has not been able to verify the content of these files,” continues the statement. “The databases contained guests’ contact information but personal information such as dates of birth, identity and passport numbers, and credit card details, was encrypted.”

Experts pointed out that the Shangri-La hotel in Singapore hosted Asia’s top security summit between June 10 and 12 in the same period the hack took place.

Asked whether the Shangri-La Dialogue was the target of the hackers, a hotel spokesman told Singapore’s Straits Times newspaper there is no evidence to support this hypothesis.

“There is no evidence to suggest any specific hotel or event was singled out. As a matter of policy, we do not disclose information about our guests.” said the spokesman.

“Data related to the Shangri-La Dialogue was stored on a separate secure server and was not affected in this incident,”

“Data related to the Shangri-La Dialogue was stored on a separate secure server and was not affected in this incident.” said a spokesman at the event organiser, the International Institute for Strategic Studies (IISS).

The hotel chain states that it is not aware of any abuse of stolen guest data.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Shangri-La hotel)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.