700,000 Hit by Choice Hotels Data Breach: What to Do Now

Neon sign proclaiming 'MOTEL'.
(Image credit: gabriel12/Shutterstock)

If you've stayed at a Clarion, Comfort Inn, EconoLodge, Quality Inn, Rodeway Inn or any of half a dozen other hotel and motel chains lately, you may see an uptick in spam and phishing scams.

That's because Choice Hotels, the parent organization of those franchise chains, suffered a data breach in which records of 700,000 guests were stolen, according to Comparitech, which reported the breach today (Aug. 13).

The affected data includes full names, addresses, email addresses and telephone numbers. No credit cards, passwords or Social Security numbers were compromised.

To prevent this breach from affecting you, make sure you have robust antivirus software running on your computer, even if it's a Mac, because good AV suites can protect against phishing attacks and filter spam. 

MORE: What to Do After a Data Breach

You'll have to watch out for SMS text-message phishng ("smishing") and voicemail phishing ("vishing") as well, and that's going to have to be up to you. 

If you get a link in an unsolicited text message, don't click on it; if a robocall or live caller tells you that your Apple, Google or Facebook account has been hacked, don't believe it.

Comparitech worked with independent security researcher Bob Diachenko, who specializes in finding unprotected databases online. 

On July 2, two days after this database (which Choice Hotels said was run by a third-party vendor) was indexed by a search engine, Diachenko checked it out. But someone else had beaten him to it, copied the data and left a ransom note asking for 0.4 bitcoin, or about $4,300 at today's exchange rates.

Comparitech says Diachenko notified Choice Hotels, which got the database owner to secure it, but took no further action. Nudged again by Diachenko at the end of July, the company launched an investigation.

Unfortunately, we don't know how far back the data goes, so we can't give a time window during which someone who checked into a Choice Hotels franchisee might have been affected. 

"We have discussed this matter with the vendor and will not be working with them in the future. We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature," Choice Hotels told Comparitech.

The database was apparently being used for testing purposes, so the number of compromised accounts is far lower than the total number of guests who've stayed in a Choice Hotels-affiliated establishment in the past few years.

Choice Hotels "currently franchises more than 7,000 hotels, representing nearly 570,000 rooms, in more than 40 countries and territories" worldwide, the company website states.

Aside from the hotel and motel chains listed above, Choice Hotels franchises and handles most bookings for the Ascend Hotel Collection, Cambria Hotels, MainStay Suites, Sleep Inn, Suburban Extended Stay Hotel and WoodSpring Suites.

Most of the individual establishments are independently owned and operated.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
CAD renders of the Google Pixel 10
Pixel 10 could include a repurposed ‘Pixie’ assistant — but what actually happened?
iOS 19 logo on an iPhone
iOS 19 redesign mockups emerge — but not everyone is convinced
Sony WF-C710N
Sony's latest budget ANC buds have arrived with a fancy new color
Bill Gates in 2019
Bill Gates just predicted the death of every job thanks to AI — except for these three
ChatGPT advanced Voice Mode
ChatGPT's Advanced Voice Mode just got a free upgrade — here's what's new
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 26 (#654)