Best Western Leaks Consumer, U.S. Government Records

Best Western recently leaked many hotel guests’ data. (Wikimedia Common)

Best Western recently leaked many hotel guests’ data. (Wikimedia Common)

AutoClerk, a reservations management system and travel platform owned by Best Western Hotels and Resorts Group, leaked 179 gigabytes of collected data, including private information on hotel guests and users of the platform, Mac Observer reports. 

The U.S. government, military, and Department of Homeland Security (DHS) were the main victims of the attack. The personal details of government and military personnel, as well as their past and upcoming travel arrangements, were revealed in the breach. Property management systems (PMS), booking engines, and data services related to the tourism industry were revealed, according to Security Magazine. Hundreds of thousands of in-depth files were shared, and clients’ names, dates of birth, phone numbers, home addresses, and even room numbers were included in the leaks. 

A vpnMentor team that discovered the data breach suggested in their report that this information would be extremely useful to hackers as it concerned private operations pertaining to agencies of the United States government. Reservation details of regular clients could also provide attackers with valuable clues to piece together fraud attacks.

One of the platforms exposed in the database was a military contractor who also worked with the Department of Homeland Security, Security Magazine said. This contractor manages the travel arrangements of other independent contractors working closely with American security agencies, as well as U.S. government and military personnel.

The leak exposed the identifying information of many personnel and their travel arrangements. The research team viewed logs for U.S. army generals traveling to Moscow, Tel Aviv, and many more destinations, finding personal data such as masked credit card information and email addresses, and exposing the dangers of leaving information on unprotected servers.