[BreachExchange] Hotel Guests Locked Out of Rooms After Ransomware Attack

[Terrell Byrd]

https://www.infosecurity-magazine.com/news/hotel-guests-locked-out-rooms/

A popular Scandinavian hotel chain has warned that a recent ransomware
attack may have led to the theft of personal information related to
bookings, while current guests are struggling with longer waiting times at
check-in.

Nordic Choice runs around 200 locations across the region, with brands such
as Comfort, Clarion and Quality.

It claimed to have been hit last Thursday with a ransomware attack which
impacted “the hotel systems that handle reservations, check-in, check-out
and creation of new room keys.”

One guest took to social media to explain that hotel staff were forced to
personally escort guests upstairs to their rooms because key cards were
out-of-action.

A press release dated Monday failed to mention the problem with room keys
but revealed that the Conti variant was to blame. Conti has been
responsible for large-scale attacks on Ireland's Health Service Executive
(HSE) and an outrageous $40m ransom demand aimed at Broward County Public
Schools in the US.

Nordic Choice claimed to have put in place “replacement solutions” at most
of its hotels to maintain operations following the incident, and has
informed the relevant Norwegian authorities. However, current, former and
future guests were warned about potential data theft.

“Our investigations do not currently give any indication that data has been
leaked, but we can’t guarantee that is the case. Therefore, the incident
entails a risk that information about the guests' bookings may be lost,”
the release stated.

“This information consists of name, email address, telephone number, date
of the visit and any information the guest may have provided in connection
with their visit. We do not know for sure yet, but since we see that there
may be a risk that such information is leaked, we choose to inform about it
now, so that our guests can be extra alert to any suspicious text messages,
phone calls or emails.”

The hotel chain said it had not sought to engage with its attackers, nor
had they contacted the firm at the time of writing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211213/6a37a83f/attachment.html>