The hotel reservation information management system (hereinafter referred to as “management system”) of Booking.com, a company used by Hotel Granvia Osaka, was illegally accessed, and the possibility that personal information of some guests may have been leaked cannot be denied.
In addition, it has been confirmed that a message was delivered to some customers by a malicious individual that directed them to a phishing site.
We are still investigating the details of both cases, and deeply apologize for any inconvenience and concern this may cause to our customers.
1. Circumstances of the incident
On May 29, 2023, after receiving a report from Booking.com, we investigated and found that the management system was illegally accessed by a malicious individual.
In response, we immediately changed the login password for the management system and stopped accepting new accommodation reservations through Booking.com. However, we cannot deny the possibility that a third party may have accessed the personal information of customers stored in the management system.
It was also confirmed that messages with URL links leading to phishing sites were sent to some customers who had booked accommodation through Booking.com, using the chat function of the management system.
If you receive such a message, please do not access the URL link attached to it.
The cause of the unauthorized access is currently under investigation by the Company and related organizations.
We have not confirmed any leakage of personal information of customers who have made reservations through accommodation reservation information management systems other than Booking.com.
2. Incident Description
It is possible that personal information (name, credit card information, address, and telephone number) of customers contained in accommodation reservation information (for stays between May 1, 2022 and March 31, 2024) via Booking.com, Inc. has been leaked.
A message with a URL link leading to a phishing site was sent to some of the customers in Incident① via the chat function in the Booking.com management system.
3. Response to customers
Customers who fall under 2 above will be contacted from time to time to alert them in order to prevent them from being directed to phishing sites. For inquiries, please contact us through the following E-mail address.
4. Future actions and measures to prevent recurrence
We are currently cooperating with related organizations to investigate the cause of the problem and take all possible measures to prevent recurrence by implementing the necessary countermeasures.
We will report back as details become available.
We sincerely apologize again for any inconvenience and concern this may cause you.