Chinese hotel group investigates possible leak of millions of guests’ data

Mercure hotelImage copyright
Stanislav Krasilnikov

Image caption

Huazhu Hotels Group operates the Mercure brand in China

A Chinese hotel group is investigating the possible leak of millions of customers’ records, which appear to be for sale on the internet.

An advert is offering the 140 gigabyte data trove in exchange for Bitcoin on a dark web forum.

Security experts believe the firm’s database may have been accidentally uploaded to the internet.

Huazhu Hotels told the BBC in a statement that it “called the police without any delay”.

Shanghai Police is investigating the potential breach.

Data breaches are nothing new for China, but the scale of customer data involved has led to international press attention for the hotel group.

It is one of China’s largest hotel chains, operating more than 3,500 properties across 13 brands including Ibis and Mercure.

Cyber-security firm Zibao told a local news outlet that it believed the breach was a result of the hotel group’s software developers accidentally uploading a database to Github, a service where developers can collaborate.

The group told the BBC in a statement: “We have paid significant attention to this matter and immediately implemented an internal audit to guarantee the safety of our guests’ information.”

It added that it was using external companies to verify whether a leak had happened.

Chinese hotel group investigates possible leak of millions of guests’ data}