Talk to an expert


Cybersecurity Solutions for the Travel Industry

Whether you’re an international luxury travel company or a local hospitality group, Lumifi provides industry-leading managed detection and response cybersecurity services with an emphasis on white-glove service and first-rate results.

Get Started

Protect your organization from threats across the globe 

Travel, transportation and hospitality companies keep the world moving, but also generate massive amounts of customer data. Between payment information, personally identifying guest data (names, addresses, emails), employer information, and vendor data, the travel industry must maintain high cybersecurity standards. 

Without sophisticated and layered protection, travel companies run the risk of breaches that affect their employees, customers, and corporate relationships.


Protect Your Customers 

Travel and transportation companies that have been targeted experience large volumes of customer data being stolen. As a result of the record-breaking Marriott breach in 2018, the company had to set up consumer-facing self-service online portal for past guests to determine if their information was exposed. Other travel companies have offered free credit monitoring and identity protection services in order to try to restore trust. 

Proactive defense means preserving your organization’s integrity and reputation with clients and vendors. Attacks will happen, how your organization is able to defend itself internally (and publicly) makes all the difference.


Go Beyond Email Filters 

Many of the attacks perpetrated against travel and hospitality involve email phishing campaigns. Spam filtering alone will not prevent sophisticated attacks. Once a breach has occurred via an email attack, having a backup of advanced threat hunting can find these breaches before they do any harm. 

Make sure your organization has additional email security measures, as well as continuous monitoring. 


Expanding Attack Surface 

The travel industry has adopted more digital services such as online reservations, check-ins, mobile apps, IoT devices and beacons. As consumers expect more mobile and online solutions, an organization’s attack surface expands. 

Having leading technology goes hand-in-hand with best-in-class security solutions like log collecting, SIEM software, and endpoint detection and response.


Notable Breaches 

Here are a few recent notable breaches within the travel and hospitality industry: 

Hotel: Marriott Starwood Data Breach 

In 2018, Marriott International reported 500 million records stolen from its Starwood Hotel reservation system after its acquisition in 2016. The hack lasted from 2014 to 2018 and included Starwood’s brands including Sheraton, Westin, Le Meridien, Aloft, The Luxury Collection, and W Hotels. 

The attack exposed personal data from guests, including payment card numbers. Marriott said compromised data could include passport details, phone numbers and email addresses. For some others, it could include credit card information.  

Then, earlier this year, Marriott suffered another data breach. This time, it is estimated 5.2 million records were stolen. While significantly less than their previous breach, the company came under fire again. 

As a result, 11 class action lawsuits were filed against them, but were consolidated into one multidistrict litigation in February 2019, according to Top Class Actions.  

Airline: British Airways 

In 2018 the airline had a breach that exposed sensitive data of about 500,000 customers. A hacking group infiltrated the payment system and log data being entered by customers paying for tickets through the company’s website and mobile app. Records were exposed for over two weeks before being detected. 

The company also faces a hefty $230 million fine, cited by the United Kingdom’s Information Commissioner’s Office (ICO) for General Data Protection Regulation (GDPR) violations. 


Cruise: Princess Cruises 

Princess Cruises, part of Carnival Cruises, experienced a cyber-attack in May of 2019. The attack came via an email directed at employees, according to Cyber Security Hub. Information obtained by hackers included names, social security numbers, passport information, and other government identification, national identity cards, health-related data, and financial information such as credit card numbers. 

The attack prompted the company to provide credit monitoring services and identity protection services for free. 

Hire the best 

Make sure your clients’ data receives five-star protection. Make sure your company is prepared to handle sophisticated cyber security attacks. Our security team is standing by 24/7/365, ready to help you craft a tailored, resilient cybersecurity strategy. 

Recent Posts

Case Studies

Ready to Get Started?

We’re here to help.

Connect with a professional solutions architect today for expert guidance and consultation!

Get Started

Privacy PolicyTerms & ConditionsSitemapSafeHotline