Back in November 2020, Prestige Software, a hotel reservation platform used by Hotels.com, Booking.com, and Expedia, left data belonging to “millions” of guests exposed on a misconfigured Amazon Web Services (AWS) S3 bucket. Over 10 million individual log files were exposed. Each of these records exposed sensitive and personally identifiable information (PII), including names, email addresses, national ID numbers, phone numbers, reservation information, and credit card details, including CVV and expiration date. Website Planet reports that the S3 bucket contained over 180,000 records from August 2020 alone, despite global hotel bookings being at an all-time low for this period.
SC Magazine spoke to SureCloud’s Craig Moores, Practice Director, Risk Advisory for his expert insight into data breaches. Here are his full comments: