Notice of a Data Security Incident
30 September, 2022
Shangri-La Group recently discovered unauthorized activities on our IT network. We immediately engaged cyber forensic experts to investigate and contain the issue. The investigation revealed that between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed the guest databases of the following properties:
Island Shangri-La, Hong Kong
Kerry Hotel, Hong Kong
Kowloon Shangri-La, Hong Kong
Shangri-La Apartments, Singapore
Shangri-La Singapore
Shangri-La Chiang Mai
Shangri-La Far Eastern, Taipei
Shangri-La Tokyo
Certain data files were found to have been exfiltrated from these databases but the investigation has not been able to verify the content of these files. The databases contained guests' contact information but personal information such as dates of birth, identity and passport numbers, and credit card details, was encrypted. There is no indication that any guest data has been misused.
This incident has not impacted our operations and steps have been taken to further strengthen the security measures of our IT networks. We have notified the relevant authorities as well as affected guests.
We deeply regret any inconvenience or concerns this incident may cause.
