Largest lodging franchisors Choice Hotels has recently disclosed that it has suffered a data breach. The data breach occurred due to a misconfigured MongoDB database.
What is the matter?
According to Comparitech and security researcher Bob Diachenko, cybercriminals have taken advantage of the unprotected database and stolen 700,000 customers' records belonging to Choice Hotels. The threat actors have left behind a ransom note, demanding a ransom of about $3,800 or 0.4 Bitcoin in return of the records.
What data is compromised?
The data breach came to light on June 30, 2019, after Diachenko noticed a database indexed by the BinaryEdge search engine. Upon discovery, Diachenko mailed the Choice Hotels about the issue. Later, the server was secured on July 2.
The data compromised in the incident includes customers’ names, email addresses, physical addresses, and phone numbers. However, no financial and detail personal information was exposed in the breach.
How did the firm respond?
Choice Hotels in its reply said that the fields containing passwords, reservation details and payment information only contained fake test data.
“The database held 5.6 million records. However, Choice Hotels told Comparitech in an email that the majority of records were “test data, not associated with real people,” said the report from Comparitech.