Huazhu Hotels Group, a hotel management company in China with more than 10 hotels brands and over 3,800 hotels, reported a data breach on Tuesday, August 28, 2018, after discovering that its clients’ personal information was sold on the dark web forum. According to the South China Morning Post, the Shanghai police are currently investigating the matter. They believe that this data breach could be one of the largest data leaks, that currently affect approximately 130 million clients from the Huazhu Hotel Group.
Shanghai Police Investigate the Huazhu Data Breach
Caixin Global reported that 500 million pieces of personal data and booking information were leaked from the data breach. The personal information included phone numbers, bank accounts, email addresses and booking details which were available to purchase on the dark web for 8 Bitcoin (approximately $56,000 USD).
“Those who commit illegal acts including theft, trading, and exchange of residents’ personal data will be heavily punished,” said the Shanghai police in a statement. “We are resolute in protecting people’s interest and ensuring information security.”
Huazhu mentioned to Caixin that the investigation is still taking place and has requested assistance from internet platforms to limit the circulation of information. They are currently working with a public security authority, Furthermore, they have also hired a number of data security professionals to undergo an internal investigation on the matter.
The discovery of the data breach began with Zpower, an internet security company. Zpower noted that when they verified the data and discovered that the data was available to purchase on the online dark web, they immediately reported the situation to the Huazhu and the police. The breach contained 123 million pieces of personal online user registration information and 240 million pieces of hotel booking records.
Crypto-Ransom a Common Feature
While it’s uncertain when the hotel management company was hacked, media reports noted that the data could have been stolen in early August when Huazhu programmers uploaded company information on Github, a website that enables engineers to work to develop on software code.
Unfortunately, data breaches and hacks are becoming a more common feature. Shanghai-based angel investor in the information-technology sector, Yin Ran noted that even strangers would approach him for information owned by his portfolio firms.
Due to the data breach, Huazhu’s shares, also known as China Lodging Group, fell 4.4 percent to $33.98 USD on Tuesday, August 28, 2018.