Although the industry has, unfortunately, had quiet year in 2020, it seems this fact has not lessened their risk of travel and leisure data breaches.
Travel and leisure breaches have been prominent in the news with the revelation that companies including Expedia and Booking.com have been affected by a large-scale breach, after their partner Prestige Software failed to password-protect a database containing millions of customers’ booking details. Among the exposed details were guests’ names, phone numbers, email addresses and payment details, inducing risks of both blackmail and fraud.
As the travel and leisure industries continue to be a prime target of hackers, it is important to evaluate the scale of the impact, and to consider why these companies succumb to breaches again and again.
Recent travel and leisure data breaches
In recent years, several travel companies have been the targets of data breaches, proving the existence of an industry-wide problem.
The scale of the breaches and the severity of the failings has often led to significant legal action: in October of last year, hotel chain Marriott was fined £18.4m following a four-year period of data vulnerability between 2014-2018, during which the personal data of 334 million guests was insufficiently safeguarded. In addition, British Airways was also fined a record £20 million by the Information Commissioner’s Office due to their failure to protect 400,000 customers’ details, arising from cyberattacks.
In the leisure sector, Ticketmaster similarly faced a fine of £1.25m for a fault in a third-party chatbot, which had been used by a hacker to retrieve payment information. With all these cases culminating in fines, and with the fines piling up, the stain of data breaches seems to have significantly marred the reputations of the travel and leisure industries and has caused concern for consumers.
Why are travel and leisure companies at risk?
There are a number of reasons that explain why travel and leisure data breaches have become so frequent. The size of the industries accounts for their attraction for hackers given how much the sectors are worth, and the kinds of information such companies hold can offer a wealth of potential rewards for hackers and fraudsters.
The nature of the data that causes the travel and leisure industries to draw in hackers is obvious. Companies often hold highly sensitive data such as passport details and payment card information, both of which can be incredibly valuable for hackers to sell on or use for fraud.
Claiming compensation for travel and leisure data breaches
At The Data Leak Lawyers, we know how distressing it can be to be affected by travel and leisure data breaches. After all, customers are paying for these companies’ services to unwind and enjoy their spare time, so this relaxation should not be infringed upon by their failure to sufficiently protect customer data.
As a leading firm of data breach lawyers, we can offer free, no-obligation advice if you have been the victim of a data breach. If you are eligible, we are proud to be able to offer you No Win, No Fee representation.