Luxury hotel chain Shangri-La suffered a security breachSecurity Affairs
The Shangri-La hotel group has revealed a data breach, a database containing the personal information of its customers has been compromised.
Shangri-La Hotel Group disclosed a data breach, threat actors gained access to a database containing the personal information of guests at eight of its Asian properties between May and July.
The incident affected hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokio, the company has launched an investigation to determine what data was stolen by the attackers. The company has informed the authorities and potentially affected customers.
A Sept. 30 statement from the hotel chain on its website reveals that the company “recently discovered unauthorized activity” on its IT infrastructure.
A “sophisticated threat actor successfully bypassed Shangri-La’s computer security monitoring systems undetected and illegally accessed guest databases”, read the statement.
“Some data files were found to have been exfiltrated from these databases but the investigation was unable to verify the contents of these files,” the statement continued. “The databases contained customer contact details, but personal information such as dates of birth, identity and passport numbers and credit card details were encrypted.”
Experts pointed out that the Shangri-La Hotel in Singapore hosted the Asian Security Summit between June 10 and 12 during the same period the hack took place.
Asked if the Shangri-La Dialogue was the target of hackers, a spokesperson for the hotel told Singapore’s Straits Times newspaper that there was no evidence to support the assumption.
“There is no evidence to suggest that a specific hotel or event was chosen. As a matter of policy, we do not release information about our guests. says the spokesperson.
“Data related to the Shangri-La dialogue has been stored on a separate secure server and has not been affected by this incident,”
“Data related to the Shangri-La dialogue has been stored on a separate secure server and has not been affected by this incident.” said a spokesperson for the event organizer, the International Institute for Strategic Studies (IISS).
The hotel chain says it is not aware of any abuse of stolen guest data.
(Security cases – piracy, Shangri La Hotel)