In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it was accessible on the internet for a few days.
According to Choice Hotels, although much of the information was “fake” (we are interpreting that to mean that it was test data as opposed to production data), some of it was the real information of guests, including names, addresses, telephone numbers and email addresses.
When researchers notified Choice Hotels of the exposed data, it contacted the vendor, which then deleted the database from its server, and Choice Hotels “ended its relationship” with the vendor.
In light of the compromising situation regarding its data, Choice Hotels is recommending to its affected customers that they be aware of phishing emails, texts and mailings , which is something customers should be doing anyway.