AN UNUSUAL GLITCH with the Safari browser for Apple computers and devices led to an inadvertent leak of personal information for guests using Choice Hotels International’s reservation system. The company said the information leak to certain third parties with which it has business relationships occurred approximately 88,000 times from June 2015 to November 12, 2019.
Most individuals involved in the incidents have already been informed, Choice said, except for about 25 instances between June 2015 and March 2016 because information to identify the guests involved is unavailable. It issued a press release on the incident to alert those guests and others who might have been affected.
“The company recently learned of a technical issue that only occurred when a visitor to its website was using a Safari browser, typed information in a field on the page, and the browser crashed and restarted,” the company said. “Under these circumstances, Safari put information that had been typed by the visitor on the page into the website address in order to repopulate the page when the browser restarted.”
As a result of the glitch, cookies on the Choice website that usually track data sent the information to certain companies on a special page address that does not usually contain guest information. Choice did not name the companies that received the data.
“If a visitor was using Safari and was on the reservation page when the browser crashed, the information typed in fields on that page that could have been put in the website address when the browser restarted may include the name of the person making the reservation, email address, state, zip code, country code, and the number and expiration date of the payment card used to make the reservation,” the company said. “If the reservation was being made using a mixture of points and payment, the external verification value on the card may have also been in the website address.”
Choice has changed its website to prevent a recurrence of the issue and asked the third-party companies involved to delete data they may have received. More information on the crash is available here.
Last year Marriott International experienced a major data breach it said occurred when it acquired Starwood Hotels & Resorts Worldwide Hotels in September 2016 and the old reservation system was compromised. That led to a data breach that compromised the information of more than 300 million guests.