It has come to our attention that the accommodation reservation information management system (hereinafter referred to as “management system”) of Booking.com (Headquarters: Amsterdam, the Netherlands), which is used by Highland Resort Hotel & Spa, has been illegally accessed, and the possibility that the personal information of some customers may have been leaked cannot be denied.
In addition, it has been confirmed that a message was sent to some of our customers by someone who was trying to direct them to a phishing site (*).
We are currently investigating the details.
A “phishing site” is a fake website designed to look like a real website in order to fraudulently obtain personal or financial information.
・Background of the Incident
On January 24, 2024, we received a report from Booking.com and are currently investigating the possibility that someone has gained unauthorized access to our management system.
In response, we immediately changed the login password for the management system and stopped accepting new accommodation reservations via Booking.com.
In addition, we have confirmed that a message containing a URL link to a phishing site has been sent to some customers who have made accommodation reservations through Booking.com using the chat function of the management system.
If you receive such a message, please do not access the URL link attached to the message.
The cause of the unauthorized access is currently under investigation by the Company and the relevant authorities.
We have not confirmed any leakage of personal information of customers who made reservations through accommodation reservation information management systems other than Booking.com.
・Details of the Incident
Event (i).
There is a possibility that customers’ personal information (name, credit card information, address, and telephone number) contained in accommodation reservation information via Booking.com (for stays from January 24, 2024 to September 30, 2024) has been leaked.
Event (ii).
Messages containing URL links leading to phishing sites were sent to some of the customers in Event 1) via the chat function of the Booking.com management system.
・ Response to Customers
Customers falling under (2) above were contacted as necessary to alert them of the situation in order to prevent them from entering the phishing site.
・ future actions and measures to prevent recurrence
We are currently working with the relevant organizations to determine the cause of the problem, and are taking all necessary measures to prevent a recurrence.
We will report as soon as the details become clear.
For inquiries regarding this matter, please contact
Highland Resort Hotel & Spa
TEL: 0555-22-1000 (Representative)
E-mail: hrreserve@highlandresort.co.jp
