A cyberattack has led to the leakage of 500 million pieces of customer data from China’s largest hotel group this week, including 150 million accounts now on sale in the dark web for 8 Bitcoins or the current equivalent of US$56,158.
Having more than 3,900 hotels in 370 cities in China, the Nasdaq-listed Huazhu Group has 240 million pieces of guest information such as name, credit card details, mobile number, and 123 million pieces of registration data including user IDs and login passwords compromised, according to a report by China Daily.
About 13 hotel brands—including Crystal Orange Hotel, VUE, and Grand Mercure Hotel—were impacted by the incident, the report says, adding that the hotel has registered more than 110 million loyalty program members.
Data theft and other types of cybercrime are no longer only an IT problem because they have financial consequences, which become more costly for enterprises.
Cybercrime victims incur increasingly high cost
According to the Cost of Cyber Crime Study by Ponemon Institute and Accenture in 2017, the average annualized cost of cybersecurity amounted to US$11.7 million, up 22.7% from the previous year.
Cost of cybercrime varies among industries, with financial services having the highest cost and hospitality the lowest. Utilities and energy, aerospace and defense, technology and software, and healthcare are among the top five industries that bear the highest average annualized cost, the study indicates.
CFOs continue to have a prominant role to play in security
The potential damages to companies in the wake of a data breach are many—including immediate financial losses, reputational damage, reimbursements to suppliers and long term legal repercussions, said Tony Jarvis, Check Point Software Technologies’s chief strategist for Asia Pacific, Middle East & Africa.
According to him, CFOs continue to have a prominent role to play in security given their interest in ensuring the company's long term financial health.
“While many CFOs today are aware of the need to have adequate security protections, work closely with security teams, and approve the costs as a necessary expense incurred in doing business online, this incident underscores the importance of business and security personnel working in tandem, learning from each other, and having a sound plan in place to continuously address the security issues being faced in today's environment,” Jarvis noted.