The recent cyber attack on Omni Hotels & Resorts prompted the 'shutdown'. [of] “Systems to protect and contain data,” experts remind guests of the actions they can take to stay digitally safe and consider the risks facing the hospitality industry as a whole.
Following the cyberattack on Friday, March 29, the company said in a statement: “We are currently working to determine the scope of the incident, including its impact on data and information maintained on Omnisystems.” mentioned in. We collaborate with external experts in this process. ”
When Omni learned of the issue, it shut down some systems, “most of which have been restored,” and “has begun an investigation with its leading cybersecurity response team, which is ongoing.” Ta.
The Dallas-based luxury hospitality chain, which has more than 50 properties across the U.S. and Canada, first identified the outage on social media. Omni said it will “post relevant updates” on its cyber attack updates page “as new communications may be shared” and in the meantime, guests can ask any questions about their stay or experience. If so, you can contact your travel planner or hotel directly, he said.
“Our team is working diligently to restore our remaining systems to a fully functional state and will continue to welcome customers and accept new reservations,” the company statement continued. “We apologize for the disruption and inconvenience this cyber-attack has caused. The care and comfort of our guests remains our top priority and we remain committed to providing the omni experience our guests have come to expect. I would like to thank all the teams for their hard work.” ”
Omni and the hotel chain's owner, TRT Holdings, did not immediately respond to ABC News' requests for additional comment.
Initial failures included reservations, hotel room door locks, and point-of-sale systems going down.
How to keep guests safe if your hotel falls victim to a cyber attack
Chris Pearson, CEO of BlackCloak, is a cybersecurity expert with more than 25 years of private and government experience in the industry, including hospitality customers, and is an expert on how to protect yourself after a breach. He told “Good Morning America” the steps people should take.
“Every company will be targeted by cybercriminals,” Pearson said. “Data breaches, ransomware attacks, extortion, credit card information theft are all real facts. The important thing is to know how to deal with them. What to do and what to know. It’s about knowing.”
“If you are a consumer of a compromised hotel, the greatest immediate impact could be financial,” he continued. “It's important to make sure you know what credit card information is contained and used at that hotel. Monitor that credit card for signs of fraud or identity theft, perhaps Switching that credit card is also something you should consider doing. ”
“The second thing would be the information you provided or sent to the hotel,” he continued. “Did you give him your name, address, phone number, email address information?…Beware of scams such as phishing and other types of social engineering attacks.”
Pearson said domestic travelers should check to see if they have provided their driver's license information, and international travelers should check to see if they have provided their passport information.
“That information could then be used for further identity theft or make you more susceptible to fraud,” Pearson added.
Why hotels and hospitality industries are vulnerable to cyberattacks
Pearson, a former cybersecurity advisor for the Department of Homeland Security, explained why the hospitality industry is vulnerable to cyberattacks like the one against Omni Hotels & Resorts.
Pearson said that when cybercriminals target specific industries or companies, “they're looking for the biggest reward at the most opportune time possible” and that for service-oriented businesses, “that's what they're looking for.” “It will speed up the time clock on the side,” he added. Hour by hour, day by day, week by week, I feel that industry is in decline. ”
“Especially in the hospitality industry and the transportation industry, if they can't get up and running, they literally lose money every minute, every hour, every day, every week,” he said. “It allows for faster decision-making. [by a company] It's about getting up and getting the client back on the platform, back in the hotel room, back into the service experience they were meant to be. ”
How hotels respond to cyber security attacks
“The various hotels that have been in the news are all victims. [guests] They can trust that their information will remain safe,” Pearson said. He currently specializes in digital executive protection for corporate executives, boards of directors, and other high-value targets, including employees and their families.
“When you have a breach, obviously there's a certain loss of trust there. But cybercrime, cyberattacks, ransoms, data breaches, all that stuff is a fact of life and it's going to hurt most major companies.” he continued. “What consumers need to be careful about is 'Are companies communicating with me? Are companies communicating with me in a clear, ethical and consistent way? What's in my best interest? Are they providing me with an explanation?’ What do they know at that point?”
Pearson said the U.S. Securities and Exchange Commission's latest guidance, which states that “publicly traded companies must disclose material cyber incidents within four days,” “could cause further confusion for consumers.” Ta.
“The initial statement is all going to be to say, 'We're investigating something that happened, but we're still in the early stages of the investigation, so we're going to tell you exactly what happened. As a result, we can't say anything. We don't know any details or other details,” Pearson said. “Providing that type of disclosure may actually cause more frustration than him waiting a week until he has more information.”
Pearson said the response to all data breaches takes “about seven to 14 days until the company actually has all the pertinent details needed to more fully disclose what happened.” He said it could happen.
Precautions businesses take to ensure the safety of guest and customer information
Pearson outlined several steps business leaders can take to prevent attacks.
The first step is to “make sure you have a cybersecurity program in place, update it at least annually, and understand the threats and risks around it,” he said.
Second, “making sure there is governance and oversight from the board level and executive level for that program from an enterprise risk management perspective,” he said. He added that risks need to be “absolutely clear” to “reliably mitigate them.”
“Number three is making sure you have all the right things in place for incident response, because events happen,” he said. “Making sure you know what they are, when they happen, what to do when they happen, and how to respond is going to be another important part.”
