Hospitality data breach puts more than a million credit cards at risk

2 July 2024 1 minute Author: Newsman

A hospitality management company has discovered that the full credit card and personal details of more than a million guests were leaked, putting their financial accounts at risk.

The Cybernews research team discovered a misconfiguration in Quoality’s systems that led to a serious data leak. Quoality, based in India, develops the Guest Experience (GX) hotel and guest management platform that helps manage contactless check-ins, check-outs, hotel services and payments.

Due to human error on the part of the developers, access to the guest’s financial and personal information was open to any attacker on the network. The exposed data included addresses, phone numbers, nationalities, full credit card details and other important information. The leak occurred due to a lack of proper access control in an Elastic cluster that stores large amounts of real-time data.

This leak could result in significant financial and reputational damage to Quoality and its customers. Failure to comply with standards such as PCI-DSS can result in significant fines and penalties. The company has already taken measures to eliminate the problem and blocked access to the data.

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.