Skip to main content

Travel Site Data Breach & Hotel Booking Security

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

Ten million customers’ personal data was exposed by a booking site software glitch, leading to new class action travel site data breach litigation. Customers of,, Expedia and other major booking sites have allegedly had their personal data exposed–data possibly dating back to 2013.

Security experts said data from millions of hotel guests globally were exposed via Prestige Software which provides automated booking solutions to major travel sites. Prestige’s Amazon Web Services (AWS) cloud storage service was reportedly misconfigured, which led to the exposure of personal data of millions of customers.

Leaked personal information may include names, email addresses, and phone numbers of hotel guests, as well as complete credit card information.

Experts warn that hackers may use personal data and credit card information to commit financial fraud, even as the company reported that the glitch was fixed within a day. It is still unknown whether customers’ data has fallen into cyber criminals’ hands.

Joe Lyon is a highly-rated Ohio data breach attorney reviewing security breach and invasion of privacy cases on behalf of plaintiffs nationwide.

Travel Site Data Compromised

Attorneys now hold companies accountable for their inability to properly secure their clients’ data they hold in data entry systems and cloud storage. Prestige Software, a supplier of software services to the online travel industry, has been accused of improperly securing their cloud data. Thus, users of travel websites like, Expedia and may have been affected.

Prestige allegedly failed to properly configure an AWS Simple Storage Service (S3) bucket, and left data exposed. 24.4GB of data and at least 10 million files may have been up for grabs on the internet. Credit card details, payment details, reservation details, names, email addresses, ID numbers and phone numbers were left unsecured.

The data system was secured within a few hours of the security lapse, but it is impossible to say if the database had been copied or stolen. AWS S3 buckets are typically secure by default, so there may have either been a hack or some kind of error or negligence on the part of Prestige Software.

Are Cloud Data Breaches Common?

Hacking is one concern for all data systems, but misconfigurations are actually the number one cause of a public data cloud breach. With the complexity of the data access points and security configurations, human error is the leading reason for a cloud data breach.

Cloud technology helps organizations to file data faster, but security must remain a priority. Introducing new technologies is great, but only when paired with the proper safeguards. Experts say many companies are playing a dangerous game with their live data. They should be using a data-centric security model like tokenization, which allows a firm to use protected data, analytics and data sharing.

Plaintiffs say companies like Prestige need to stop thinking of data privacy as a legal matter, and more of a customer right. To avoid further travel site data privacy litigation, websites and third-party software outfits have a duty to strengthen their cloud storage and protect consumers’ personal information.

cloud storage data breach, Data Privacy Lawsuits, Hotel Privacy Breach Attorney, prestige software, Security Breach Lawsuits