Travel Securely Securely Travel
The title says it all. A reservations platform hosted by AutoClerk (owned by Best Western) didn’t do what they needed to when configuring their data stores, and that is locking the door. In doing so they made available the travel information on thousands of US government personnel from the military, and other government agencies on official travel.
Security researchers at vpnMentor discovered that AutoClerk had misconfigured their Amazon Web Services storage which contained over 179 GB of information which were connected to property management systems, booking systems and data services.
The type of personal data exposed included:Reservations for hundreds of thousands of travel arrangements, and also included full name, date of birth, home address, phone number, dates and costs of travel, partial credit card data and in some cases check-in data and room identification.
What vpnMentor doesn’t share is who the government contractors were that used the Autoclerk services beyond saying that it included: HAPI Cloud, OpenTravel, myHMS, CleanMeNext by Autoclerk and Synxis by Sabre Hospitality Solutions.
If you are a military or government traveler, watch your inbox for notification that your “official travel” details may have been exposed.
