The Prestige Software data breach has exposed millions of guest records online in a breach from their online cloud database.
Prestige Software operates one of the biggest hotel online services. This includes Booking.com, Expedia, and Hotels.com all using their online reservation software.
It is unknown yet if the information has been accessed by criminals and remains to be seen if the data will be used in a malicious way. In response to the breach, Prestige Software said:
‘We have informed our clients, keeping them updated on the incident as well as on its main features. In conclusion, we have taken measures to diligently react to this incident which, according to the information that we are managing right now, should actually have had very limited effects.’
The Prestige Software data breach
The Prestige Software data breach is understood to have stemmed from an unsecured cloud database. It is understood that Prestige Software had been storing information on an Amazon Web Services database for some seven years, and the database was not secure. This has resulted in millions of records being stored on the database.
The Prestige Software data leak was discovered by Website Planet who reportedly found security anomalies and risks among Prestige Software’s cloud database. Website Planet were easily able to hack into the cloud database, gaining access to millions of guest users records, and create a report on the security failures. Website Planet said anyone who wishes to hack into the database could do so, leaving the sensitive data of millions exposed.
Data exposed in the Prestige Software breach
In Website Planet’s report, they state that individual documents contained:
- Email addresses;
- Telephone numbers;
- ID numbers;
- Payment card details, including names, CVV and expiry dates;
- Details of the hotel reservations.
The data on the files included information from as far back as 2013 and had 180,000 records from just one month in 2020. It is said that the log files for 10 million individuals was affected, although it was difficult to say an exact figure.
Prestige Software told Verdict that: ‘Part of such data was made publicly visible for a very limited time without having been detected any actual access and use of the data beyond the one executed by Website Planet’.
Whilst Prestige Software is denying that anyone else had access to the database, at this stage, it is difficult to tell for sure. Is it unlikely that the database has not been accessed for the last 7 years when it holds such high numbers of data? Considering hackers use the same methods to find exposed data, the risks are real.
Have you been affected by the breach?
If you have been informed that your personal data was involved in the Prestige Software data breach, we would like to hear from you. You could be eligible to make a data breach compensation claim with us today.
We are a highly experienced law firm who has been at the forefront of data breach action since 2014. We know how difficult it can be to lose control of your personal data and are here to fight for you to help you get the justice you deserve.
Contact us today to start your No Win, No Fee claim.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a Callback from our team!
Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.
You have the right to object to the processing of your personal data.