Hotel group Shangri-La said a database containing the personal details of guests at eight of its Asian properties between May and July had been hacked.
The breach affected hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo, but the company said it had not yet been able to determine what data had been stolen.
It said in a statement posted on its website dated September 30 that it had “recently discovered unauthorized activity” on its computer network.
Andy Vermaut shares: Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information: Hackers successfully bypassed Shangri-La’s IT security monitoring systems undetected between May and July 2022. https://t.co/rfywvCS2Al Thank you. pic.twitter.com/oGG5Dvm6U7
—Andy Vermaut (@AndyVermaut) October 1, 2022
A “sophisticated threat actor successfully bypassed Shangri-La’s IT security monitoring systems undetected and illegally accessed guest databases,” the company said.
The hack took place between May and July, when a Shangri-La hotel in Singapore hosted Asia’s biggest security summit.
US Secretary of Defense Lloyd Austin and his Chinese counterpart General Wei Fenghe were among those attending the June 10-12 event, but it is unclear how many attendees stayed at the hotel.
Read more: Allegations The Indian government tapped the phone of a leading Indian journalist
“Some data files were found to have been exfiltrated from these databases but the investigation was unable to verify the contents of these files,” Shangri-La’s statement said.
“The databases contained customer contact details, but personal information such as dates of birth, identity and passport numbers and credit card details were encrypted.”
Shangri-La said “there is no evidence that customer data has been misused” and notified authorities and possibly affected customers.
Singaporean newspaper Straits Times quoted a spokesperson for the International Institute for Strategic Studies, which organized the security summit, as saying the gathering was unaffected by the hack.
Read more: Hackers put Pakistan flag on Indian embassy website
“Data related to the Shangri-La dialogue has been stored on a separate secure server and has not been affected by this incident,” the spokesperson said.
AFP with an additional contribution from GVS News Desk