Prestige Software

Prestige Software, a hotel reservation platform provider, suffered a data breach affecting customers of major booking sites including Booking.com, Expedia Group, Hotels.com, and Agoda.

What Happened

Hackers compromised Prestige Software's systems, which powered reservation and property management systems for hotels listed on major online travel agencies (OTAs). The breach exposed customer booking information including names, contact details, addresses, payment card information, and in some cases, passport numbers provided during hotel bookings.

The supply chain nature of the breach meant that customers who booked through major platforms like Booking.com and Expedia were affected even though those platforms themselves weren't directly breached. The incident demonstrated the risks of third-party providers in the travel and hospitality ecosystem.

Impact on Individuals

Affected travellers faced significant risks including credit card fraud from exposed payment details and identity theft from compromised passport information. The combination of personal details, travel information, and financial data created comprehensive profiles that could enable sophisticated fraud.

Organisational Response

Prestige Software worked to secure systems and notify affected hotel partners. Major OTAs like Booking.com and Expedia began their own investigations and customer notifications. The incident highlighted the need for stringent security requirements for third-party providers handling customer payment and identity information in the travel industry.