Millions of customers’ data of Prestige Software, a hotel booking platform used by both OTAs and B2B intermediates, were exposed due to a misconfigured server folder.
According to a report from Website Planet, the relevant sensitive information dates back to 2013.
The Spanish company, which sells a channel management platform called Cloud Hospitality that allows hotels to update their availability and rates on online booking sites, reportedly kept guest and travel agency data for years without proper protection.
It is understood that more than 10 million data including sensitive information such as guest names, e-mail addresses, ID numbers, phone numbers, reservation information, CVV and expiration dates as well as credit card information were affected.
Website Planet reported that although global hotel bookings were very low during this period due to the pandemic, there were more than 180,000 records in the respective folder as of August 2020 alone.
Since Prestige Software is headquartered in Spain, the company may face GDPR actions as a result of the breach. If it is confirmed that the company was negligent, the firm could be fined up to € 20 million, or 4% of its annual global turnover.
British Airways was fined 20 million pounds and the Marriott hotel group 18.4 million pounds for data breaches in recent weeks .