The personal data of hundreds of thousands of users was exposed after a breach to Autoclerk, a service owned by Best Western that managed reservations for several hotel and travel businesses.
According to the security experts at VPN Mentor, the information exposed includes masked credit card details, names, dates of birth, home addresses, phone numbers, and the dates and costs of travel, and check-in times and room numbers at hotels.
Even more troubling, VPN Mentor says that one of the companies exposed in the breach was a contractor for the U.S. Government that makes travel and hotel arrangments for U.S. military personnel and government contractors. VPN Mentor was able to view travel arrangements for U.S. Generals traveling abroad.
In addition to potential national security risks, travelers become prime targets for scammers who can use the information they’ve obtained to target people with convincing phishing campaigns by impersonating hotels and travel agencies.
Hackers would have also had detailed information about when hotel guests would be away from home. If you’ve recently stayed at a hotel, it’s not a bad idea to contact them to find out if they were affected by this breach.
Keep an eye out for emails or phone calls that claim to be from a hotel you’ve stayed at recently. As always, be vigilant and monitor all activity on your bank account.