In 2024, hospitality faced an onslaught of cyber threats, from sophisticated Booking.com scams to the emergence of AI-driven risks like deepfakes.

In this week’s feature of the VENZA Echo, we’re exploring the top cybersecurity events that defined 2024, shedding light on the incidents that left a mark on the industry.

Top Stories

1. Booking.com Scams

In 2024, one of the most persistent and alarming threats to hoteliers stemmed from the exploitation of Booking.com’s partner portal.

Following a breach disclosed in late 2023, cybercriminals targeted hotel partners with relentless schemes to steal portal credentials. Once infiltrated, attackers posed as the hotel, messaging guests to steal their credit card information.

While this threat originated last year, it escalated significantly this year. Attackers shifted from basic malware tactics to deploying advanced phishing kits that convincingly replicated official Booking.com communications, even bypassing multifactor authentication.

2. Marriott’s $52 Million Settlement

In a landmark agreement with the U.S. Federal Trade Commission earlier this year, Marriott International was ordered to pay a $52 million settlement and significantly reform its information security practices.
This resolution follows a series of data breaches between 2014 and 2020 that exposed the personal information of 344 million guests.

Under the settlement, Marriott was required to establish a 20-year cybersecurity program featuring mandatory encryption, employee training, and third-party audits, while also granting U.S. guests the right to request data deletion.

3. Omni Hotels & Resorts Data Breach

In March, Omni Hotels & Resorts fell victim to a ransomware attack that exposed the personal data of 3.5 million guests and caused significant operational disruptions across its 50 U.S. properties.

Criminals breached the hotel chain through vulnerabilities in the point-of-sale system, compromising customer names, email addresses, and guest loyalty program information.

While the attackers demanded a $3.5 million USD ransom, it remains unclear whether Omni paid to restore operations.

4. Deepfake Threats

Artificial intelligence (AI) brought transformative advancements to hospitality in 2024, but it also unleashed significant new threats.

Chief among these was the rise of “deepfakes.” This cloning and video manipulation technology significantly escalated vishing threats to individuals and businesses.

Recent studies show that 1 in 10 individuals have already been targeted by deepfake scams, with 77% of victims suffering financial losses. Moreover, over half of companies in the U.S. and UK reported being targeted by deepfake-related fraud in 2024.

5. Data Privacy Regulation

This year marked significant advancements in global data regulation, with new privacy laws and expanded frameworks addressing the rise of artificial intelligence (AI).

In the absence of federal action, U.S. state legislatures enacted seven new privacy laws. An additional 41 bills remain under consideration.

The European Union implemented its landmark, AI regulation in August and the UK introduced a voluntary AI Code of Practice in May—both aim to tackle data protection and cybersecurity challenges related to AI.

Additionally, the EU’s Network and Information Security Directive (NIS2) took effect in October, setting stricter cybersecurity standards with a wide-ranging impact.

Conclusion

From sophisticated Booking.com scams to deepfake-driven fraud and ransomware attacks, 2024 highlighted the pressing need for proactive cybersecurity in hospitality. Meanwhile, the rapidly evolving data privacy landscape added pressure on hoteliers to navigate stricter compliance requirements.

Feeling overwhelmed? Don’t worry. As the leading experts in hospitality cybersecurity and data protection, VENZA offers tailored solutions for defense, ensuring your hotels stay secure, compliant, and ready for the challenges of 2025 and beyond.

***

Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.

***

Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.