
700k Choice Hotels records leaked in data breach, ransom demanded - LinuxBender
https://www.zdnet.com/article/700000-choice-hotels-records-leaked-in-data-breach/
======
gregmac
> exposed MongoDB instance

> Choice Hotels says the database, while linked to the firm, was operated by a
> partner vendor and no internal Choice Hotels servers were accessed. "The
> vendor was working with the data as part of a proposal to provide a tool," a
> Choice Hotels spokesperson said.

> Due to the security lapse, the hotel franchise will not be working with the
> unnamed vendor in question.

I get the legal and business reasons not to name the vendor -- but at the same
time, the only real punishment for this vendor is definitely not getting a
contract with Choice Hotels.

(quotes from [https://www.zdnet.com/article/700000-choice-hotels-
records-l...](https://www.zdnet.com/article/700000-choice-hotels-records-
leaked-in-data-breach/))

~~~
TheLastPass
Until someone who has the authority to approve purchase orders but wasn't in
the loop on this decides to use this vendor again.

~~~
knd775
A lot of companies have company-wide vendor blacklists.

------
SilasX
The average American now has [[5321]] days of free credit monitoring.

~~~
tyingq
Heh. 14.5 years.

------
cbron
> The message claimed that 700,000 records had been stolen and backed up
> elsewhere and demanded 0.4 Bitcoin (BTC), approximately $4,000 at the time
> of writing, from the owners.

Not even a full bitcoin.

------
otterley
Source article: [https://www.comparitech.com/blog/vpn-privacy/choice-
hotels-d...](https://www.comparitech.com/blog/vpn-privacy/choice-hotels-data-
leak/)

