Data Breach at Liseberg: Sensitive Hotel Guest Information Potentially Leaked

A recent data breach at Sweden’s Liseberg amusement park may have compromised sensitive information on hotel guests. The incident occurred on October 22, and officials responded swiftly to prevent further damage. Affected guests have been notified and advised to exercise increased caution.

Liseberg Data Breach: Personal Information at Risk

On October 22, Liseberg fell victim to a data breach that may have exposed personal information, including names, email addresses, phone numbers, home addresses, company names, and guests’ length of stay. The breach targeted the booking system for the Grand Curiosa Hotel, and an alarm enabled rapid detection. The IT department immediately disabled the affected account, stopping the breach before more data could be compromised. The exact extent of the data leak is still under investigation.

Guest Notification and Precautionary Recommendations

On Thursday, following the breach, Liseberg informed impacted guests via email. The notification provided precautionary recommendations against possible phishing attacks and other fraudulent activities. Guests were advised not to click on suspicious links in messages and to avoid sharing sensitive information like credit card details. The email particularly highlighted the need for vigilance among guests with upcoming bookings, as they could be more vulnerable to fraud attempts that mimic genuine booking processes.

Security Measures and Reporting to Authorities

Liseberg immediately reported the incident to both the police and Sweden's data protection authority, Integritetsskyddsmyndigheten (IMY). The amusement park is working with both authorities and a specialized IT service provider to identify the cause of the breach and address any security gaps. Peter Grimbeck, Liseberg’s IT manager, emphasized that the company’s security protocols were quickly effective and that the affected account was promptly locked.

Current Status of the Investigation

While the company has taken the incident seriously and acted preventively, there are currently no indications that actual fraud attempts have been made against the affected guests. The ongoing investigation is focused on determining whether the stolen data has been misused or whether additional information has been exposed. Collaborating with the booking system provider is a critical step in reducing the risk of further breaches.

Focus on Future Bookings and Prevention

Liseberg specifically directed its warnings toward guests with upcoming bookings, as the risk of fraudulent emails could be higher for them. These guests may receive emails that appear to come from the amusement park and could look convincingly authentic. To maintain security, Liseberg plans to protect all future guests through enhanced security measures and will proactively inform them of potential risks.

Cyberattacks in the Hospitality Industry: A Growing Concern

Peter Grimbeck noted that data breaches like this are unfortunately common in the hospitality and amusement sectors and represent a growing global issue. The attack methods used are well-known and, unfortunately, widespread. Consequently, Liseberg invests in comprehensive security protocols and regular staff training to protect its guests’ data and be prepared for such incidents.

Liseberg’s Commitment to Data Security

Liseberg assures its guests that all available measures have been taken to prevent similar incidents in the future. Through its swift response to the breach and comprehensive communication with affected guests, the company demonstrated its commitment to data security. The amusement park plans to continuously update its systems and work closely with experts to maintain a high level of security.

Tip for news? press@waitingtimes.app