On April 10, 2020, Pacific Huntington Hotel Corporation experienced a data breach initiated through a phishing attack, granting unauthorized access to an employee’s email account. The incident, reported by the California Office of the Attorney General on August 20, 2020, exposed highly sensitive information, including social security numbers, credit card details, and governmental identification numbers of affected individuals. The breach stemmed from human error an employee falling victim to a deceptive phishing scheme allowing attackers to infiltrate the company’s internal communications. The compromised data posed significant risks, such as identity theft, financial fraud, and potential regulatory penalties under data protection laws. While the breach did not involve ransomware or a systemic shutdown, the exposure of personally identifiable information (PII) and financial records underscored critical vulnerabilities in the organization’s cybersecurity posture, particularly in employee training and email security protocols. The incident highlighted the broader threat landscape where credential harvesting via phishing remains a prevalent and effective tactic for cybercriminals targeting corporate networks.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-193314
TPRM report: https://www.rankiteo.com/company/langham-hospitality-group
"id": "lan1043090725",
"linkid": "langham-hospitality-group",
"type": "Breach",
"date": "4/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Hospitality',
'location': 'California, USA',
'name': 'Pacific Huntington Hotel Corporation',
'type': 'Corporation'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': 'Likely (email access implies potential '
'exfiltration)',
'personally_identifiable_information': ['Social Security '
'Numbers',
'Governmental '
'Identification '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2020-04-10',
'date_publicly_disclosed': '2020-08-20',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Pacific Huntington Hotel Corporation on '
'August 20, 2020. The breach occurred on April 10, 2020, '
'through a phishing attack that resulted in unauthorized '
"access to an employee's email account. The affected "
'information included social security numbers, credit card '
'numbers, and governmental identification numbers.',
'impact': {'data_compromised': ['Social Security Numbers',
'Credit Card Numbers',
'Governmental Identification Numbers'],
'identity_theft_risk': 'High (SSNs and Government IDs exposed)',
'payment_information_risk': 'High (Credit Card Numbers exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Phishing Email (Employee '
'Compromise)',
'high_value_targets': ['Employee Email Account '
'(likely containing '
'sensitive data)']},
'post_incident_analysis': {'root_causes': ['Lack of employee phishing '
'awareness/training',
'Insufficient email security '
'controls']},
'references': [{'date_accessed': '2020-08-20',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA)',
'Potential violation of '
'Payment Card Industry '
'Data Security Standard '
'(PCI DSS)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Pacific Huntington Hotel Corporation Data Breach via Phishing '
'Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Human (Employee Email Compromise)'}