
Eight Shangri-La hotels hit by data breach

01.10.2022

SINGAPORE: Eight Shangri-La hotels in Asia, including Singapore and Hong Kong, were hit by a data breach, potentially exposing guest information such as names, email addresses and phone numbers.

An investigation was launched after unauthorised activities were discovered on Shangri-La's IT network, according to an email to customers on Friday night (Sep 30). The hotel chain said a sophisticated threat actor was able to bypass Shangri-La's IT security monitoring systems and access guest databases between May and July 2022, according to Brian Yu, Shangri-La Group's senior vice president of operations and process transformation.

The affected hotels are the Island Shangri-La, Kerry Hotel and Kowloon Shangri-La in Hong Kong, Singapore's Shangri-La Apartments and Shangri-La Singapore, Shangri-La Chiang Mai, Shangri-La Far Eastern in Taipei and Shangri-La Tokyo.

The investigation has confirmed that certain data files have been exfiltrated from these databases, said Mr Yu.

The databases contained a combination of guest names, email addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates, and company names.

Mr Yu said that there was no evidence that the personal data has been misused or released by third parties and that it is clear that information such as passport numbers, ID numbers, dates of birth and credit card numbers is encrypted.

As an added precaution, we are offering affected guests a one-year complimentary identity monitoring service from Experian, a third-party service provider, in destinations where local regulation permits. The identity monitoring service is optional and guests can decide how much information they include.

Shangri-La Group is cooperating with the authorities on the matter.

Apologising to guests in the email, Mr Yu said: "The protection of our guests' information is very important to us and we wish to assure you that all necessary steps have been taken to strengthen the security of our networks, systems and databases."