British hoteliers are reportedly being held to ransom by criminals hacking into their booking systems, blocking all access and then demanding payment.
Attacks in the US and Europe suggest that hackers could also steal guests’ personal data and credit card details and shut down other systems, including key card systems.
Recent ransom attacks have targeting IT systems at two high-end hotels in Cornwall, The Times revealed today.
The newspaper cited industry insiders as saying that the problem was probably more widespread because hotels were loath to reveal details.
Neither Cornish hotel is believed to have paid up, but both had to spend large sums overhauling their systems.
In a different type of attack, InterContinental Hotels Group revealed last month that it was investigating claims that customers’ credit and debit card details were stolen from 20 US hotels.
Hotels are see as attractive targets because they are dependent on their reservation systems and store lots of personal information.
Ilia Kolochenko, chief executive of High-Tech Bridge, a cybersecurity company, said: “There are financial details and things like who’s sharing a room with who. Criminal gangs such as Carbanak are now targeting hotels worldwide.”
The Russian-based Carbanak gang is linked to an alleged theft of $1 billion from financial institutions.
Many hotels stress that they take the threat seriously and are well prepared.
Jonathan Lawley, deputy manager of the Hotel Tresanton in Cornwall, which has not been targeted, said that it had the latest security and did not keep guests’ bank details on file.
A recent ransom attack in Austria showed the extent to which hackers can cause chaos when security is outdated.
The 111-year-old Seehotel Jägerwirt at Turracher Höhe paid criminals €1,500 to regain access to systems after they were shut down on the first weekend of the ski season. Guests were not trapped in their rooms, contrary to reports, but the hotel could not issue new key cards until it paid up.