Prestige Software

Summary

Prestige Software’s Cloud Hospitality exposed 24.4 GB worth of data due to a misconfigured Amazon Web Service (AWS) S3 bucket. Cloud Hospitality is a widely-used software solution that integrates reservations systems with online booking websites such as Booking.com, Expedia.com, and Hotels.com. Exposed data includes guests’ full names, email addresses, national ID numbers, phone numbers, reservation details, credit card numbers, CVVs, and expiration dates. Over 10 million individual log files have been identified and date from 2013 to as recent as August 2020. Prestige Software is based in Spain and is subject to GDPR data regulations; however, due to the severity and the number of hotel and travel websites impacted, affected customers may not be notified for some time. This information can be used in various forms of cyberattacks, financial fraud, reservation takeover, and identity theft. Travel websites and agencies that use the Cloud Hospitality platform are encouraged to inform customers that their information may have been exposed and provide them with mitigation resources to protect their identity, such as freezing their credit.