Security Experts:

Connect with us

Hi, what are you looking for?



China Arrests Suspect for Customer Data Leak at Accor Partner

Shanghai police have arrested a man in connection with a data leak at NASDAQ-listed Chinese hotelier Huazhu Group after the suspect failed to sell the information online.

Shanghai police have arrested a man in connection with a data leak at NASDAQ-listed Chinese hotelier Huazhu Group after the suspect failed to sell the information online.

The 30-year-old suspect had hacked and stolen user data from hotels under Huazhu Group and tried to sell it on overseas websites, the police said in a statement late Wednesday.

Huazhu, one of China’s biggest hoteliers and the local partner of France-based AccorHotels, had alerted police to reports in August that the company’s internal data was being sold online.

Huazhu Group said in a statement to the New York stock exchange on Monday that “the suspect also attempted to blackmail Huazhu by leveraging public pressure, without success”.

The potentially-leaked data included guest membership information, personal IDs, check-in records, guest names, mobile numbers and emails.

Shanghai police said the case is under further investigation.

Huazhu operates more than 3,000 hotels in more than 370 cities in China, including the AccorHotels brands Ibis and Mercure. 

The sale of personal information is common in China, which last year implemented a controversial cybersecurity law that requires services to store user data in China and receive approval from users before sharing their details.

Before Huazhu formed a long-term alliance with Accor in 2014 to help the French hotel group develop the Chinese market, it experienced another user data leak.

Xinhua reported check-in records from Huazhu and other hoteliers were stored by third parties and leaked in late 2013 due to management system loopholes.

Chinese e-commerce giant Alibaba came under fire earlier this year over its handling of user data in an episode that underscores growing concerns for privacy in the hyper-digitised country.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.