The SevenRooms customer relationship management platform has confirmed that it suffered a data breach after researchers spotted its data being sold on a hacking forum.
SevenRooms is a platform used by well-known hospitality service providers and restaurant chains, such as the Mandarin Oriental, Wolfgang Puck, MGM Resorts, and Bloomin’ Brands.
According to reports, an unidentified threat group posted samples of stolen data from the platform on a hacking forum. The publisher of the stolen data claimed that it had stolen a database of over 400GB containing files and information about customers.
The stolen data samples from the publisher include folders named after clients, restaurant chains, promo codes, payment reports, API keys, and reservation lists.
SevenRooms confirmed that the data breach was caused by unauthorised access to the systems of one of its vendors.
A spokesperson from SevenRooms explained that hackers accessed their third-party vendor’s file transfer interface without their admins’ authorisation. The incident might have impacted some of the documents transferred to them or their users.
Fortunately, the company assured everyone that its guests’ credit card data, bank account information, Social Security numbers, or any other critical information was not stored on the breached server.
In addition, the SevenRooms admins stated that there was no direct breach of their own systems, which remained safe against unwanted external access.
According to the platform’s representative, their security team quickly disabled access to the interface and launched an internal investigation, and it has yet to find any evidence of any databases being maliciously used outside their servers.
They have employed a resident cybersecurity expert to aid them with their investigation. The company stated that they would provide more details regarding the incident if necessary.
Cybersecurity experts believe there will be more follow-up notifications from the company as the investigation continues. As of now, it is still being determined which SevenRooms users, if any, are affected by the breach.