Travel Reservations Platform Autoclerk Leaks U.S. Government Personnel Data

A vpnMentor’s research team discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group. A victim of this leak was the U.S. government, military and Department of Homeland Security, says the research.

A few weeks prior to the research team discovering the leak, Autoclerk was bought by Best Western Hotel & Resorts Group, potentially exposing one of the biggest hotel chains in the world.

The leak exposed sensitive personal data of users and hotel guests, along with a complete overview of their hotel and travel reservations. In some cases, this included their check-in time and room number. It affected thousands of people across the globe, with millions of new records being added daily, says the report. The leak exposed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.

Examples of Entries in the Database

The database was hosted by Amazon Web Servers in the USA, containing over 179GB of data. Much of the data exposed originated from external travel and hospitality platforms using the database owner’s platform to interact with one another. The client platforms affected include property management systems (PMS), booking engines and data services within the tourism and hospitality industries, says the report.

Personal & Travel Data Exposed

As the platforms exposed in this leak focused on travel and hospitality, the database contained 100,000s of booking reservations for guests and travelers.

The information of people making reservations exposed includes:

Full name
Date of birth
Home address
Phone number
Dates & costs of travel
Masked credit card details

On certain reservations, once a guest had checked in to a hotel, their check-in time and room number also became viewable on the database. All this information is incredibly valuable for criminal hackers and online thieves, says the report.

US Government Data

One of the platforms exposed in the database was a contractor of the US government, military and DHS. The contractor manages the travel arrangements of U.S. government and military personnel, as well as independent contractors working with American defense and security agencies.

The leak exposed the personally identifying information (PII) of personnel and their travel arrangements. The research team viewed logs for U.S. army generals traveling to Moscow, Tel Aviv and many more destinations. They also found their email address, phone numbers and other sensitive personal data.

To find out more, visit vpnMentor's website.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Employees don’t feel prepared to navigate an increasingly dangerous world, and they expect their employers to not only care about their personal safety, but to actively keep them safe.

Travel Reservations Platform Autoclerk Leaks U.S. Government Personnel Data

Examples of Entries in the Database

Personal & Travel Data Exposed

US Government Data

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Travel Reservations Platform Autoclerk Leaks U.S. Government Personnel Data

Examples of Entries in the Database

Personal & Travel Data Exposed

US Government Data

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.