Accommodation and Food Services
NAICS 72

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

     

    156 incidents, 69 with confirmed data disclosure

    Top patterns

     

    System Intrusion, Social Engineering, and Basic Web Application Attacks represent 90% of breaches

    Threat actors

     

    External (90%), Internal (10%) (breaches)

    Actor motives

     

    Financial (91%), Espionage (9%) (breaches)

    Data compromised

     

    Credentials (45%), Personal (45%), Payment (41%), Other (18%) (breaches)

    Top IG1 protective controls

     

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

     

    This industry continues to be targeted by financially motivated criminals going after payment and personal data.

    Summary

     

    Accommodation and Food Services, while having seen a decrease of System Intrusions since 2016, is still victimized by Malware via email and the Use of stolen credentials used against Web applications.

  • Patterns

     

    5-Year difference

     

    3-Year difference

    System Intrusions

     

    Less

     

    Less

    Social Engineering

     

    Greater

     

    No change

    Basic Web Application Attacks

     

    Greater

     

    Greater

  • Pattern

     

    Difference with peers

     

     

    System Intrusion

     

    No change

     

     

    Social Engineering

     

    No change

     

     

    Basic Web Application Attacks

     

    No change

     

     

  • The Accommodation and Food Services industry is one of the few industries that saw a drop in terms of System Intrusions. However, it shows similar trends to other industries in regard to Basic Web Application Attacks and Social Engineering. They have been on the increase over the last 5 years, and are now a bit closer to the same baseline for the types of attacks that the other industries are experiencing. 

  • Figure 78 captures the top Action varieties found in this industry. This is one of the few industries that is extremely long tailed, with over 80% of the breaches including Actions not captured in the top five varieties. While that might seem imposing, keep in mind that the vectors are still the usual suspects found in the other industries: Email, Web apps and Desktop sharing software.

  • Looking back

    In the 2012 DBIR, Accommodation and Food Services represented over 54% of our cases and has since dropped to less than 2% of our incidents. This represents both a total drop in cases but also a rather dramatic drop in incidents and may be representative of a larger shift in the criminal ecosystem to target and victimize not only the organizations with credit card data but any organization.

Let's get started.