This is a follow-up to our 26th July, 2024 press release entitled “Important Notice: Apology and Notice Regarding Possible Leakage of Personal Information Due to Unauthorized Access to Booking.com Management System and Message Distribution Leading to Phishing Sites” and we would like to report the facts discovered during the subsequent investigation as follows:
Our hotel has been investigating about the unauthorized access, and we have received a report from the vendor of the management system (hereinafter referred to as “the contractor”) that fraudulent third-party logins to our accommodation reservation and sales management system hereinafter referred to as “The Management System”) have been detected for our Hotel Yaenomidori property.
These logins may have resulted in unauthorized access to the reservation information of some customers who made reservations through Booking.com.
Although all details are still under investigation, but we sincerely apologize for any inconvenience or distress this issue may have caused our valued guests.
1. Background and Overview
On 20th August, 2024, the contractor's investigation has confirmed unauthorized access to personal data entrusted to it through the Management System. Some personal data was exported in CSV format, which is believed to be an attempt by the unauthorized party to steal information.
In addition, we are currently investigating the phishing email incident that occurred on the reservation site "Booking.com" which was announced on 26TH July, 2024, as we surmise this was most likely caused by unauthorized access to the management system.
2. Potentially Viewed Guest Information
Investigation period: from 2nd July, 2024 to 2nd August, 2024
Affected: Customers who booked through Booking.com with a check-in date between 30th June, 2024 and 26th January, 2025.
The following guest information may have been viewed by a third party through the Management System:
・Name
・Nationality
・Telephone number
・Date of stay
・Number of guests
・Email address for guest communication
Note:
※The "Email address for guest communication" is a temporary email address used by Booking.com to contact guests for security purposes (anonymous email address with @guest.booking.com at the end) and we believe that the email guests normally use may not have been viewed or leaked.
※As credit card information and physical addresses are not registered in the Management System, there is no possibility that such information is viewed.
3. To our customers
Regarding this matter, we will not send you any individual requests or confirmation emails.
If you receive a suspicious contact using our company name, please do not respond. Please note that we will never ask you about your credit card information.
4. Future Measures
We are currently cooperating with related organizations to investigate the cause of the problem and take all possible measures to prevent recurrence by implementing the necessary countermeasures.
5. Contact Information
Hotel Yaenomidori Tokyo
Telephone number: 03-6263-2020
E-mail address: info@yaenomidori.jp
Again, we sincerely apologize for the significant inconvenience and concern this may have caused to our guests.
Hotel Yaenomidori Tokyo General Manager