Choice Hotels has contacted customers following a data breach said to involve 700,000 customer records.
In a statement, the company says the breach was down to a third-party vendor who “copied the impacted data from our environment without authorization” and moved it to its server.
It goes on to say that, in the process, the third party’s server was accessible from the internet for a few days.
Choice says that while much of the data was fake, some guest information such as names, addresses, phone numbers and email addresses was included in the data.
The company says that the vendor deleted the database from its server and that it has “ended its relationship” with the vendor.
Choice asks customers to be aware of phishing emails or other texts and mailings going forward.
It also asks customers and its hotels to contact the data company's data protection officer with any questions.
Subscribe to our newsletter below
This is the latest in a string of recent security breaches in the travel industry involving high-profile brands including British Airways and Marriott.
Both companies were recently issued with record-breaking fines by the Information Commissioner's Office.
Security experts say the industry has become more of a target, especially for nation state adversaries, because of the amount of information travel companies hold about their customers.
Patrick Martin, head of threat intelligence at risk protection service Skurio, says brands should be aware that "going public with this kind of information can inadvertently encourage threat actors to probe organizations with similar databases for vulnerabilities.
"Looking into an open container as a security researcher or opportunist is one thing, but if you start reading contents, including ransom notes, then it could be argued in court that you have crossed a line, which places focus back to whoever uncovered this information."