Eight Shangri-La hotels in Asia, including Singapore and Hong Kong, were hit by a data breach, potentially exposing guest information such as names, email addresses and phone numbers.
[…]
“The investigation revealed that between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected and illegally accessed the guest databases,” said Mr Brian Yu, Shangri-La Group’s senior vice president of operations and process transformation.
The affected hotels are the Island Shangri-La, Kerry Hotel and Kowloon Shangri-La in Hong Kong, Singapore’s Shangri-La Apartments and Shangri-La Singapore, Shangri-La Chiang Mai, Shangri-La Far Eastern in Taipei and Shangri-La Tokyo.
“The investigation confirmed that certain data files had been exfiltrated from these databases,” said Mr Yu.
Read more at Channel News Asia. The reporting does not indicate whether there was any ransom or extortion demand by the threat actor(s) or who they might be.
Related coverage by the South China Morning Post indicates that 290,000 guests were affected and that the data protection commissioner was not happy at the delay in notifying their office and customers.