HOTEL CHECK-IN SYSTEM EXPOSED 1M PASSPORTS

The tech company operating the system misconfigured its cloud storage settings, setting the database to public instead of restricting access to authorized personnel only. Anyone with an internet connection could view the sensitive identification documents. The exposed data included full copies of passports and driver's licenses from hotel guests across multiple properties. No authentication was required to access the information. The misconfiguration was discovered and reported to the company, which secured the storage following notification. The exact number of affected individuals and the duration the data remained exposed have not been fully disclosed. This incident highlights a recurring vulnerability in hospitality technology: the storage of high-value personal identification data combined with inadequate security controls. Hotels collect ID documents during check-in to verify guest identity and comply with regulations, but improper storage creates significant privacy risks. Cloud storage misconfigurations remain a leading cause of data breaches across industries. Security best practices require that sensitive data be stored with encryption, access controls, and authentication requirements. Default settings should assume private storage unless explicitly configured otherwise. The incident raises questions about the company's security protocols and oversight mechanisms. Organizations handling sensitive customer data face increasing scrutiny from regulators and the public following high-profile breaches. Affected guests may face elevated identity theft risks. Passports and driver's licenses provide sufficient information for fraudsters to commit identity fraud or create forged documents.