Choice Hotels targeted by the ransomware attach that exposed 700,000 customer records was apparently stole by hackers including names, addresses, email addresses, and/or phone numbers.
Using the personal information contained in the exposed database, scammers can craft targeted phishing emails.
The company says the data was hosted on a vendor’s server, and no Choice Hotels servers were accessed.
Diachenko promptly alerted the organization to the exposed MongoDB instance, but it seems malevolent parties were the ones to access it first.
They left a ransom note demanding 0.4 Bitcoin, or $3,856 as of time of writing.
Source: https://www.comparitech.com/blog/vpn-privacy/choice-hotels-data-leak/
TPRM report: https://scoringcyber.rankiteo.com/company/choice-hotels-international
"id": "cho0593423",
"linkid": "choice-hotels-international",
"type": "Ransomware",
"date": "08/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 700000,
'industry': 'Hospitality',
'name': 'Choice Hotels',
'type': 'Hospitality'}],
'attack_vector': 'Exposed MongoDB Instance',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 700000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['Names',
'Addresses',
'Email Addresses',
'Phone Numbers']},
'description': 'Choice Hotels was targeted by a ransomware attack that '
'exposed 700,000 customer records including names, addresses, '
'email addresses, and/or phone numbers. The data was hosted on '
'a vendor’s server, and no Choice Hotels servers were '
'accessed. Hackers left a ransom note demanding 0.4 Bitcoin, '
'or $3,856.',
'impact': {'data_compromised': 'Customer Records',
'identity_theft_risk': 'High',
'systems_affected': 'Vendor’s Server'},
'initial_access_broker': {'entry_point': 'Exposed MongoDB Instance'},
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': True, 'ransom_demanded': 0.4},
'title': 'Choice Hotels Ransomware Attack',
'type': 'Ransomware Attack',
'vulnerability_exploited': 'Exposed Database'}