Cybercrime has become a scourge with increasingly complex and expert methods, affecting all business sectors, including travel. From targeted attacks in Italy to data collection decrees in Spain, to multiple incidents at airline giants, it's clear that travelers need to take the protection and use of their personal information very seriously.
Hackers target Italian hotels
L'Agency for Digital Italy (AgID) and the postal police recently dismantled the "Mydocs" hacker gang, which specialized in reselling personal data on the dark web. These cybercriminals targeted at least four Italian hotels, managing to steal around 90,000 host identities who had provided their documents at the time of registration.
The target structures, all four-star establishments, include the hotel Ca' dei Conti in Venice (38,000 images stolen), the Casa Dorita in Milano Marittima (2,300 documents), the Regina Isabella in Ischia (30,000), and theHotel Continental Trieste (17,000).
The stolen data includes photographs contained in identity cards and passports, as well as other documents such as driving licenses, which are sold for between 800 and 10,000 euros. This information is frequently used to commit identity theftThese documents enable fraudsters to open bank accounts, apply for loans and collect the associated sums. A peak in the number of incidents was observed between August 9 and 11, with documents offered for sale on the dark side of the web.
A global threat to the travel industry
These attacks in Italy are not isolated cases; cybercrime is on the rise everywhere. The travel sector is particularly vulnerable to cyber attacks, and has been the scene of a number of major incidents:
- The Australian airline Qantas announced that it was investigating a major" cyber attack after hackers broke into a system housing sensitive data.
- In June, Center Parcs warned that data from around 20,000 customers had been compromised.
- The consolidator Aerticket was also confronted with a major incident.
- British Airways suffered a massive data leak in 2018, affecting over 400,000 customers and a fine of 20 million pounds sterling in 2020. The incident was not detected until more than two months later.
- May 2020, EasyJet was the victim of a cyberattack that affected 9 million customers.
- WestJet has confirmed that personal and travel-related data was illegally obtained during a cybersecurity incident in June, although no credit or debit card numbers or passwords were compromised. The company has cooperated with the authorities and reinforced its security measures.
- The Group Voyageurs du Monde refused, on principle, to pay a ransom demanded in 2023.
Artificial intelligence (AI) is also under fire, as it increases the range of possibilities for hackers. Visit risk of phishing attacks has exploded with AIfraudulent e-mails are better written and quickly translated. Booking.com, which uses AI to identify attacks, was able to block 60 million e-mails with fraudulent links in just one month. In addition mirror sites fraudulent museum and theme park websites are created by cybercriminals to sell imaginary tickets.
Spain and the "Big Brother of Tourism": Controversial data collection
Alongside the risks of theft, Spain has introduced a new challenge for the protection of travelers' data. Since last December, a royal decree (933/2021) obliges tourist accommodations, travel agencies and car rental companies to collect and transmit to the authorities massive amounts of data on their foreign customers.
What travellers need to know:
- Hotels, such as the Hotel Moderno in Madrid, now ask foreign guests to fill in manually a large amount of information in addition to the usual data.
- It's not just the name or ID number, it's also the telephone number, place of birth, relationship to other travellers, payment details, even travel habits over the last three years.
- A minimum of 13 data records is required, and up to 42 for accommodation and over 60 for car rentals.
- This data must be sent every evening at the Spanish Ministry of the Interior via a dedicated digital platform.
- Professionals who fail to comply risk fines of up to 30,000 euros for plants and 25,000 euros for tour operators and hoteliers.
- Travellers who refuse to provide this information may be refused entry to a hotel or a car reservation.
Spanish tourism professionals, such as Ramรณn Estalella of the Spanish Confederation of Hotels and Tourist Accommodation (CEHAT), are denouncing this measure as a "step in the right direction". "completely illegal and disproportionate". and call the decree "Big Brother.
ECTAA (European Association of Travel Agents and Tour Operators) warns against the scope of the data requested, calling it excessive and potentially contrary to European data protection rules (RGPD)CEHAT believes that this massive collection exposes visitors to potential risks of misuse of their information in the event of cyber-attacks. CEHAT has also launched a legal action against the Spanish State.
The Spanish government, through the Secretary of State for Security, Rafael Perez Ruiz, is defending the decree, claiming that it is necessary for the fighting terrorism and organized crimeciting the arrest of 18,000 people in a voluntary trial.
In the face of these omnipresent threats, whether data theft or excessive data collection, travelers need to be extra vigilant. The Agency for Digital Italy (AgID) stresses the importance of the fundamental role of citizens in protecting their identity.
English 
Franรงais 
Deutsch 
Italiano 
Espaรฑol