IntelBroker has asserted responsibility for the Accor data breach and purportedly offers the data, containing 642,000 user records, for sale. According to the threat actor, the breach occurred on March 31st and is now accessible for purchase on BreachForums.
The validity of these assertions remains unconfirmed. However, a post attributed to IntelBroker on a hacking forum declares, “Accor.com Database, Leaked – Download!” The post, dated April 9, 2024, suggests an alleged dissemination of the data.
Accor, a leading global hospitality firm boasting 5,600 properties worldwide and a market capitalization of €10.5 billion, now confronts allegations of a data breach involving a substantial database containing sensitive organizational information. However. the organization denies the allegation of data leak, stating, ” there is no match with our systems processing the data of our guests or loyalty program members.”
Technical Analysis of the Accor Data Breach
The compromised data in this Accor data leak reportedly includes extensive details such as full names, email addresses, account information, industry types, and account titles. IntelBroker specifies that the exfiltrated database contains various fields such as ContactID, Email, Home Email, Status, DNS, Account, Title, AccountID, Contact Function, Account Industry, Contact Industry, CreateDate, First Name, and Last Name.
Initial analysis of the leaked data by The Cyber Express reveals a focus on individuals within the healthcare and pharmaceutical industries. Entries include professional information such as names, email addresses, company names, job titles, departments, industry sectors, and timestamps. Notable companies mentioned in the dataset encompass industry leaders like Becton Dickinson and Co., Biogen, AbbVie, Merck, and Novartis, among others.
The presence of such detailed information raises concerns regarding potential misuse, including targeted marketing, recruitment efforts, phishing attempts, or identity theft.
Moreover, the status of some email addresses as “PENDING: BOUNCED” suggests issues with deliverability or accuracy, further complicating the matter.
The Cyber Express has reached out to the hospitality firm to learn more about the authenticity of the Accor database leak and any mitigation strategies. In a conversation with TCE, Accor stated that there is no evidence of such a breach.
“Starting March 31st, reports have been circulating regarding a potential data leak affecting our reservation platform through a post on LinkedIn related to a forum selling Accor information. After thorough investigation there is no match with our systems processing the data of our guests or loyalty program members”, said a Accor spokesperson.
Talking about the security of the guests and members, the spokesperson denoted, “the privacy and security of our guests and members are our top priorities, and we employ robust measures to safeguard their information. Our teams are continuously monitoring our systems to ensure the integrity and confidentiality of personal data.”
Cyberattacks on the Healthcare Sector
Despite not being confirmed and denied by the organization, the Accor data leak follows a rise in cyberattacks on the healthcare sector with multiple threat actors claiming data breaches on major hospitals and healthcare facilities around the world. According to Infoblox’s 2024 Healthcare Cyber Trend Research Report, approximately 118.9 million patient records were compromised in 2023, affecting over a third of the U.S. population.
Attacks, including ransomware and phishing, are expected to persist, posing challenges to healthcare institutions. Data breaches are reported under HIPAA regulations, with hacking incidents categorized as major breaches. The healthcare sector’s digital transformation increases vulnerability, necessitating a robust defense-in-depth strategy.
In response to this rise in cyberattacks on the healthcare industry, WHO, in collaboration with various international organizations, published reports addressing cyber-attacks on healthcare and disinformation during public health emergencies.
Published on January 26, 2024, the two reports emphasize operational strategies to strengthen health security. The initial report highlights the impact of cyberattacks on healthcare during the COVID-19 pandemic, stressing the need for cyber-maturity and collaboration with law enforcement.
The second report examines countering disinformation, proposing awareness campaigns, promoting critical thinking, and collaborating with stakeholders to combat this threat. These reports stress the importance of multisectoral alliances in leveraging technology for improved health outcomes amidst hackers and ransomware groups.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
