Hospitality Data Breach Needs to Result in Heightened Awareness | Sports Destination Management

Hospitality Data Breach Needs to Result in Heightened Awareness

Aug 24, 2016 | By: Mary Helen Sprecher
What Planners Can Do to Mitigate Risk and Heighten Comfort of Registrants in Sports Events

It’s an equation that nobody benefits from. Start with individuals who travel a lot for sports – either their own or that of their kids. Then throw in a data breach at major hotel properties around the U.S. Oh, and multiply that by the fact that according to a poll, the things that scare most Americans are hacking and identity theft – and you have the bottom line of attendees who are afraid to return to an event because they know something bad took place….even though it’s not the planner’s fault.

According to Meetings & Conventions, HEI Hotel and Resorts, which owns and operates nearly 60 hotels across the United States, has reported that at least 20 of its properties (and maybe more) have been the victim of a malware attack. While the problem has now been contained, HEI believes that customer payment card data used at point-of-sale terminals at the affected properties might have been compromised. That data could include name, card number, expiration date and verification code. 

Just as a side note: Yikes.

The hotels that were hit are spread across 10 states and include properties flying flags from Hyatt, IHG, Marriott and Starwood, as well as some independent properties. The time of the breach varies by hotel, but stretches back as far as March 1, 2015, in some locations.

Want to know which properties were victimized? The list can be found here – although as noted previously, it may be more widespread.

Unfortunately, consumers who find themselves victimized by a data breach are once bitten, twice shy. According to an article in TBG Security, Baltimore-based SafeNet reported that 65 percent of customers are unlikely to do business with the same company following a hack. And in the sports economy, and particularly in a sport where athletes and their families have a choice of where to participate, it has become more important than ever to safeguard data.

While there is no way to retroactively control the problem, sports planners can help set attendees’ minds at ease for the fall season by taking a proactive stance in guarding against problems. And while no platform is 100 percent secure (as we’ve seen), the more steps you can take, the better off you’ll be.

The Society for Government Meeting Planners provides a list of safeguards, carried on John Sileo’s blog, that translate well to sports event planners; some of these are as follows:

  • Secure Your Online Reservation System. If you are going to use online registration for tournament registration, invest in a system that delivers not only efficiency, but security. It is your legal, financial and ethical responsibility to protect your attendees’ personal information. Don’t try to do it all yourself. Hire a reputable technology provider to ensure that your data is protected behind firewalls, encryption, passwords, updated operating systems, security software and safe wireless.

  • Educate Attendees. Before they ever begin their travels, attendees should read through a quick tip sheet on how to protect themselves while going to the event. (Some examples of tips can be found here and here.) Simply making them aware of some of the risks that exist while traveling (laptop or tablet theft, unprotected Wi-Fi, smartphone hijacking, etc.) will cause them to pay greater attention on-site.

  • Minimize Data Collection. Collect only the data you absolutely need and destroy it as soon as you are finished. Once you have processed credit cards, purge that information from your system. The more quickly you can properly dispose of sensitive data, the lower your risk and liability will be.

  • Minimize Physical Files. Take as few physical files with you to the event (attendee lists, etc.) as these are easily misplaced when you are traveling and distracted. The more that you can keep behind a password protected, encrypted computer, the better.

No matter what, registrants, particularly Millennials, will always prefer to make arrangements for everything (for as much as possible) online. Recent research from Mintel, after all, noted that half of Americans are trying to avoid airline personnel by making their arrangements online, and that more than half of Millennials (61 percent, in fact) favor this approach. In addition, the majority of consumers (54 percent) say they would like to stream movies or TV shows while in flight, including some 80 percent of Millennials. Consider the number of those who are traveling with children, particularly to youth sports events, and you have a lot of demand for online access while on the go.

So keeping this in mind, a sports event owner or rights holder should keep attendees engaged and aware of the importance of protecting their own information. Sileo notes that planners can warn attendees against leaving devices such as laptops, tablets and smartphones unattended. Those who are leaving the hotel room should lock their devices in the hotel room safe. Identity thieves target business travelers because they are generally rushed, distracted and carrying valuable data – and it’s not uncommon for them to keep a list of passwords and access codes in their devices, often in a cloud program.

In addition, Sileo notes, free Wi-Fi may be dangerous. If you can, set up a secure Wi-Fi system (requiring a password) for staff and event registrants so that they are not broadcasting their private information over an unprotected network (which they are doing anytime they use a free hotspot without a password). Make sure that your contact onsite understands your security needs and concerns. While you can’t eliminate risk, you can minimize it – and your visible work to do so can help put athletes and their families at ease.

About the Author