Insights & White Papers

Travel Industry Remains a Target for Hackers

By Cybersecurity Group

Mergers & Acquisitions, Cybersecurity

The travel industry remains a prime target for threat actors, as many travel companies continue to store people’s personal information, credit cards, and travel plans.

Travel Industry Remains Major Target

The travel industry has been an attractive investment area for Private Equity, showing around 5% growth every year. PE has shaped the industry over the last year with investments in technology tools like Switchfly and Travelport to search engines and tailored travel experiences such as Getaroom, Travel Counsellors, Neilson Holidays. Loyalty programs are an interesting space for PE as they can be undervalued when combined with travel supplier’s flight or hotel operations. If you caught the SharkTank episode featuring RewardStock, all this was likely behind Mark Cuban’s decision to invest.

The travel industry is also a prime target for threat actors, as many industry companies store people’s personal information, credit cards and travel plans. Last fall, Cathay Pacific acknowledged that its computer system was compromised for a seven-month period, exposing personal data and travel histories of 9.4 million people. Cathay’s shares fell the day of the announcement and were slow to bounce back. Both British Airways and Delta Airlines also suffered separate security breaches last year that sent their stocks tumbling. All of these are on top of the well-publicized Marriott-Starwood data breach, which impacted 500 million guests over a four-year period.

Just a few weeks ago, a security researcher identified a software vulnerability that exposed passenger name records (PNR) in the Amadeus booking system, a Madrid-based company that serves customers across 500 airlines including United Airlines, Air France, Air Canada. While Amadeus has not yet detected actual theft, the security flaw made it easy to access PNRs and edit itineraries with a booking reference number.

All of this may prompt you to rethink your own cyber hygiene when traveling: Get a privacy screen when traveling to minimize shoulder surfing; use a VPN; create complex and unique passwords and change them often. There are entire trainings dedicated to good travel security habits.

We encourage this reflection and heightened vigilance on a personal level, and certainly on a corporate level. PE firms should take an extra look at any of their portfolio companies in the travel, hospitality, loyalty space and take the necessary steps to ensure customer data is protected.  Applying a strategic approach to security will empower companies to identify and prioritize their sensitive assets so they can proactively safeguard them.

By Cybersecurity Group