Hotel check-in system exposes over a million passports and driver's licenses publicly
Tags Enterprise · Infrastructure
A technology company that provides check-in systems for hotels left cloud storage configured to public access, exposing approximately one million scanned passports and driver's licenses without requiring a password. The data was accessible to anyone who knew the storage bucket URL. The breach affects guests across multiple hotel chains that use the platform for identity verification during check-in.
Technical significance
This is a textbook cloud misconfiguration incident affecting identity documents — among the most sensitive personal data categories. The scale (1M+ documents) and the nature of the data (government-issued IDs) make this a GDPR/CCPA-relevant breach. It underscores the ongoing challenge of third-party vendor risk in hospitality technology stacks.