Polaris Holdings has revealed that it suffered damage from fraudulent transfers as a result of unauthorized access to the travel reservation service Booking.com.
On May 23, the company detected an anomaly in a group account on Booking.com and launched an investigation. The subsequent investigation found that, at multiple hotels, the bank account information for receiving sales proceeds had been fraudulently altered to third-party accounts. At one hotel, a portion of accounts receivable that should have been received was instead transferred to a fraudulent account, resulting in a loss of approximately 9 million yen as of now. Similar account tampering was confirmed at several other hotels, but early response prevented fraudulent transfers from occurring there.
Around the same time, the company also confirmed that phishing messages had been sent to some guests with reservations at its hotels, and it is continuing to investigate on the assumption that information obtained through unauthorized access to the Booking.com management screen may have been misused. It is also checking for the possibility of information leakage via external reservation management systems.
At this time, no leakage of customers’ credit card information has been confirmed, but the company is still scrutinizing whether any personal information was leaked. It has implemented measures including changing the passwords for all Booking.com-related accounts at its hotels, requesting disclosure of access logs, and taking steps to prevent any further damage. The impact on business performance is currently expected to be minor.
Notice
This article was generated using automatic translation by GPT-4 API. The translation may not be accurate.
