P2020-ND-199

On February 26, 2020, the Organization discovered a higher than normal amount of lookup activity on its guest reservation application associated with login credentials of two employees of a franchisee property in Russia. The change in volume associated with one set of credentials started on January 11, 2020, and the other on January 14, 2020. On June 29, 2020, the Organization reported it had identified a small amount of prior unauthorized lookup activity between September 21 and December 28, 2018, which it believes is likely connected to and part of the unauthorized access described above. The additional activity involved the credentials of two employees at another of the Organization?s properties in Moscow, which were used to access the same application. The Organization found evidence of connections between some of the individuals who it believes may have been involved in the 2018 activity and those previously identified as being involved in the above unauthorized access. The Organization identified approximately 228,000 additional queries connected to the 2018 activity which it believes were either successful lookups of additional guest records, failed lookups (e.g. a lookup of a number that did not correspond to any guest profile), or duplicate lookups of guest records already identified. The Organization reported that no further detail is available about these additional queries, including the identity of any guest records.

File Type: pdf
File Size: 637 KB
Categories: 2020