700,000 Hit by Choice Hotels Data Breach: What to Do Now

If you've stayed at a Clarion, Comfort Inn, EconoLodge, Quality Inn, Rodeway Inn or any of half a dozen other hotel and motel chains lately, you may see an uptick in spam and phishing scams.

That's because Choice Hotels, the parent organization of those franchise chains, suffered a data breach in which records of 700,000 guests were stolen, according to Comparitech, which reported the breach today (Aug. 13).

The affected data includes full names, addresses, email addresses and telephone numbers. No credit cards, passwords or Social Security numbers were compromised.

To prevent this breach from affecting you, make sure you have robust antivirus software running on your computer, even if it's a Mac, because good AV suites can protect against phishing attacks and filter spam. 

You'll have to watch out for SMS text-message phishing ("smishing") and voicemail phishing ("vishing") as well, and that's going to have to be up to you.

If you get a link in an unsolicited text message, don't click on it; if a robocall or live caller tells you that your Apple, Google or Facebook account has been hacked, don't believe it.

Comparitech worked with independent security researcher Bob Diachenko, who specializes in finding unprotected databases online. 

On July 2, two days after this database (which Choice Hotels said was run by a third-party vendor) was indexed by a search engine, Diachenko checked it out. But someone else had beaten him to it, copied the data and left a ransom note asking for 0.4 bitcoin, or about $4,300 at today's exchange rates.

Comparitech says Diachenko notified Choice Hotels, which got the database owner to secure it, but took no further action. Nudged again by Diachenko at the end of July, the company launched an investigation.

Unfortunately, we don't know how far back the data goes, so we can't give a time window during which someone who checked into a Choice Hotels franchisee might have been affected. 

"We have discussed this matter with the vendor and will not be working with them in the future. We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature," Choice Hotels told Comparitech.

The database was apparently being used for testing purposes, so the number of compromised accounts is far lower than the total number of guests who've stayed in a Choice Hotels-affiliated establishment in the past few years.

Choice Hotels "currently franchises more than 7,000 hotels, representing nearly 570,000 rooms, in more than 40 countries and territories" worldwide, the company website states.

Aside from the hotel and motel chains listed above, Choice Hotels franchises and handles most bookings for the Ascend Hotel Collection, Cambria Hotels, MainStay Suites, Sleep Inn, Suburban Extended Stay Hotel and WoodSpring Suites.

Most of the individual establishments are independently owned and operated.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.