Information of European Hotel Chain’s Customers Discovered in Unprotected Server


A researcher has recently found an unprotected server storing the personal data of several Falkensteiner hotel chain clients in Europe. 

Falkensteiner, the Austria-based hotel chain, has hotels spread across Central and Eastern Europe, including Austria, Italy, Croatia, Slovakia, Serbia, and the Czech Republic.

The compromised data of Falkensteiner was apparently discovered by researcher Anurag Sen, from the cloud security company CloudDefense.AI. Sen most recently found a US government computer that was leaking private emails from the US military. 

In an analysis conducted by Sen, it was found that the exposed customer data was linked to Gustaffo, a firm providing IT solutions for the hospitality sector. 

The researcher claims that he alerted Falkensteiner and Gustaffo, but neither of them responded. Shortly after Sen informed the company, however, he found that the server had been protected.

According to Sen, before it was taken offline, the compromised Elasticsearch server hosted more than 11 GB of data. In the exposed database, he discovered more than 102,000 records with full names, contact information (phone and email), and booking information. 

The researcher has expressed his discontent with how the impacted companies have addressed the issue. “They haven’t responded to his emails and haven’t notified customers about the data breach,” he says.

Gustaffo, however, claims that it secured the server after learning about the leak from another researcher. The Austria-based company, which does have a responsible disclosure procedure, said that its analysis revealed the problem was confined to a single system and that only about 13,000 individuals' personal information was compromised.

Gustaffo representatives further explain that many of the records are probably duplicates, taking into account that the company does not store data of more than 13,000 customers. 

The company adds that it has taken every necessary measure and performed security updates to its system and is in contact with the government authorities to help handle the situation. 

Moreover, while no initial statement was provided by Falkensteiner, the company has recently addressed the issue and said, “we have been informed about a possible weakness in the database access systems at one of our subcontractors. FMTG takes the security of our customer’s data very seriously. Therefore, we are looking closely into this issue and cooperating with the subcontractor to improve their IT systems. We also informed the relevant data protection authority.”