Recent HEI Hotel Data Breach Raises Questions Regarding Cybersecurity Analytics
HEI Hotels & Resorts, a large hotel management company, has reported a data breach. Affected hotels include large chains such as Hyatt Hotels Corporation, Starwood Hotels & Resorts Worldwide Inc, and Marriott International Inc. The breach was reported to have started in March 2015 and lasted until June 2016.
The following twenty locations were affected:
- Boca Raton Marriott at Boca Center
- Dallas Fort Worth Marriott Hotel & Golf Club
- Equinox Resort Golf Resort & Spa
- Hotel Chicago Downtown
- Hyatt Centric Santa Barbara
- Intercontinental Tampa Bay
- Le Meridien Arlington
- Le Meridien San Francisco
- Renaissance San Diego Downtown Hotel
- Royal Palm South Beach Miami
- San Diego Marriott La Jolla
- Sheraton Music City Hotel
- Sheraton Pentagon City
- The Hotel Minneapolis Autograph Collection
- The Westin Pasadena
- The Westin Philadelphia
- The Westin Snowmass Resort
- The Westin Washington, D.C. City Center
- Westin Fort Lauderdale
The cause of the breach was malware, which was discovered in the hotels’ payment systems. Data from customers may include credit card numbers. HEI stated it has already taken remedial measures by transitioning from a payment card processing to a stand-alone system that’s completely separate from the rest of its network. The malware has also been disabled. HEI also stated that the breach has been contained and customers can safely use cards at its properties again.
However, such large scale data breaches have become more and more of a problem in the retail world where there are many credit card transactions. Hackers have a large incentive to break into such credit card systems to take a plethora of credit card numbers and sell them. Hotels, because of their large scale credit card transactions, from paying for rooms to food and beverage service, have therefore become prime targets for such hackers.
Hotels have begun to respond to such data breaches using more modern solutions. For example, Omni Hotels & Resorts has made corporate defense a priority in lieu of a cybersecurity attack that impacted 48 of its 60 hotels in North America reported earlier this year. The new CIO Of Omni, Ken Barnes, who started in May, plans to improve cybersecurity for Omni’s payment processing systems. One such defense could include analytics that detect suspicious behavior which may suggest a hacker is attempting to enter Omni’s system.
Increasingly, hotels are seeing the benefit of analytics, not just in cybersecurity, but in the general management of their operations. Ever since revenue management became popular within hotels in the 1990s, hotels have been changing their methods for revenue acquisition and optimizing prices. However, big data was only in its infancy then and solutions to revenue acquisition problems have become much more sophisticated.
As hotels begin to adopt analytic solutions to their various problems such as cyber security and revenue management, only time will tell which hotels will look to 21st century solutions to ever increasing problems with data and revenue management.