Months after a hotel-chain data breach coincided with a security summit comprising top politicians, details have finally been sanctioned for disclosure

Between May and July 2022, around the time of the top security summit Shangri-La Dialogue held at the Shangri-La Hotel in Singapore, a hacker managed to break into the hotel chain’s networks and access the personal data of guests of the Chiang Mai, Hong Kong, Singapore, Taipei and Tokyo offices.

After months of preliminary investigations, information about the data breach was announced on 30 September. An email sent to affected customers of eight of the hotel chain’s facilities across the five countries announced that certain data files had been breached, but could only note that the exfiltrated files “likely” contained guest data.

The attacker(s) did not encrypt any data. As the hotel keeps sensitive information such as passport numbers, identity card numbers, dates of birth and credit card numbers with expiry dates encrypted, there has been no evidence to date that hackers have sold or misused any such stolen data since the incident.

The databases affected by this incident contained guest names, e-mail addresses, phone numbers, postal addresses, reservation dates, loyalty membership numbers, and company names.

More cyber diligence needed
A spokesman for the Shangri-La Dialogue confirmed that data related to the event was stored on a separate server from that of the hotel system and was not affected by the breach. So far, there has been no indication that the attack was targeted at the guests of the high-profile event, according to a hotel spokesperson.

Chris Thomas, Senior Security Advisor (APJ), ExtraHop, noted that a data breach is just the beginning of a domino effect leading to phishing attempts in the future. As to what can be done to ensure more security, Thomas said, “the answer lies in enabling an integrated approach to security. Through the integration of disparate data sources with the ability to process the massive amount of data available, visibility gaps are closed and effective investigation is enabled. This is especially true for monitoring not just the internet-facing perimeter devices, but internal systems like databases that hold the valuable data that attackers are after.”

According to Sandeep Bhargava, Managing Director (Asia Pacific, and Japan), Rackspace Technology, it is key for organizations to take governance, policy and procedure as seriously as the architecture of the solutions, and to implement regular reviews of cyber policies and procedures. “Organizations (may) think that these security processes may seem burdensome, but it’s important to remember that all good work can be undone in a matter of seconds with poor management of the processes that govern security policies. With a growing hybrid workforce and continued adoption of the cloud, adopting a Zero Trust approach is critical to preventing data breaches and ransomware attacks.”