The Office of the Privacy Commissioner says personal information of more than 290,000 customers of Shangri-La hotel group may be stolen


2nd October 2022 – (Hong Kong)  Shangri-La hotel group sent an email on 30th September to its guests who have stayed in the hotels of its group in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo to inform them that a data security incident that occurred at a Shangri-La hotel that the guests may have stayed in. Shangri-La has reported the incident to relevant authorities and are cooperating with them. 

The Office of the Privacy Commissioner said yesterday that more than 290,000 customers may be impacted. Considering the nature of the incident and the large number of customers affected, the Office has launched a compliance review on the incident. The announcement stated that the group recently discovered unauthorised activities in its IT network, and hired external network security experts to investigate and control the impact of the incident. It was subsequently discovered that the guest database had been compromised from May to July this year. However, Shangri-La emphasised that the data such as the date of birth, ID card and passport number and credit card of the guests in the database are encrypted and protected, and there is no evidence that any guest information has been used improperly.