August 12, 2020

Volume X, Number 225

August 11, 2020

Subscribe to Latest Legal News and Analysis

August 10, 2020

Subscribe to Latest Legal News and Analysis

Choice Hotels Contacts 700,000 Customers About Data Breach Caused by Vendor

In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it was accessible on the internet for a few days.

According to Choice Hotels, although much of the information was “fake” (we are interpreting that to mean that it was test data as opposed to production data), some of the information did include the real information of guests, including names, addresses, telephone numbers and email addresses.

When researchers notified Choice Hotels of the exposed data, it contacted the vendor, which then deleted the database from its server, and Choice Hotels “ended its relationship” with the vendor.

In light of the compromising situation regarding its data, Choice Hotels is recommending to its affected customers that they be aware of phishing emails, texts and mailings , which is something customers should be doing anyway.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 234


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...