The other two hotels in Hong Kong were Kerry Hotel, Hong Kong in Hung Hom, and Kowloon Shangri-la in Tsim Sha Tsui.
On the other hand, the other five hotels that were also under the cyberattack were located in Singapore, Chiang Mai, Taipei, and Tokyo.
“Certain data files were found to have been exfiltrated from these databases, but the investigation has not been able to verify the content of these files, Shangri-la Group said in a statement.
“The databases contained guests’ contact information but personal information such as dates of birth, identity and passport numbers, and credit card details, was encrypted. There is no indication that any guest data has been misused.”
“We have notified the relevant authorities as well as affected guests. We deeply regret any inconvenience or concerns this incident may cause.”
Meanwhile, the group is offering affected guests the Experian IdentityWorks monitor, a third-party identity monitoring service provider that can monitor the web, social networks, and public databases for personal information provided for one year on a complimentary basis.
The group also advised affected guests to heighten awareness across their accounts.
Replying to media inquiries, the Office of the Privacy Commissioner for Personal Data said they were informed of the data leak by Shangri-la on Thursday (Sep 29) night.
The Office estimated more than 290,000 Hongkongers will be affected by this incident, and they have initiated an official investigation due to the nature of the incident and the large size of affected guests.
The Office also expressed disappointment in the group reporting the data leak almost three months following the cyberattack. They reminded organizations to report data leak incidents as soon as possible to minimize the impact on affected parties.
Click here for more information from the Shangri-la Group.