News & Comment: China police investigate possible data breach at hotel operator Huazhu Group

SHANGHAI (REUTERS, CHINA DAILY/ASIA NEWS NETWORK) – Chinese police are investigating a possible leak of client information from hotel operator Huazhu Group, after state media said nearly 500 million pieces of customer-related information from the hotel operator had emerged in an online post. Read more at straitstimes.com.

COMMENTS:

Michael Magrath, Director, Global Regulations & Standards, OneSpan:

“HUAZHU is the latest breach that has affected the hospitality industry. Last summer the SABRE breach affected numerous chains including Trump Hotels, Loews, Four Seasons and Hard Rock. Given the breadth of personally identifiable information stored on hospitality industry systems, cyber criminals will continue their attack, often targeting usernames and static passwords or compromising unsecure mobile applications.

“The hospitality industry is all about customer service. Given the advancements in authentication technologies, upscale properties can differentiate themselves by offering the latest, frictionless adaptive authentication methods combining behavioral biometrics and machine learning as well as fingerprint and facial recognition. These technologies can enhance the overall customer experience from online booking, registration, check-out, and entering their guest room.”

David P. Vergara, Head of Security Product Marketing, OneSpan:

“No security measures can fully protect against mind-numbingly careless behavior on the part of internal development teams. If, indeed, this breach was tied to unsecured copies of the hotel database being released, hotel customers should be furious and the hotel should be responsible, and provide tools/services to protect customers from fraud. In this case, internal training and adoption of best practices from an IT security and development perspective need to be implemented immediately. Additionally, a full assessment of security technologies should be conducted, including the use of MFA.”