The Cyber Security Threat is Real


AAHOA President & CEO

Update all of your technology so your hotels don’t become a target.

Aaron Cashatt burglarized more than 100 hotels throughout the country, and the only reason he was stopped was his own carelessness of being caught (nearly) in the act by hotel patrons.

If you have not heard of Aaron Cashatt, now is the time to become familiar with the cautionary tale. Several years ago, a so-called White Hat hacker (hackers that publicly present their hacking finds to educate and inform cyber security) presented a simple hack of an Onity lock. All the user needed was some basic electronic building skills—nothing that could not be learned by watching a YouTube video—and this hacker’s now-public code.

Aaron Cashatt took advantage in a major way. Using and perfecting his tool, he could open seemingly any Onity hotel lock in the country in a matter of seconds. His yearlong hacking and burglary spree crisscrossed the country but especially hit the greater Phoenix area. At first, authorities called him a ghost. He was in and out of a hotel room without breaking an entry and was careful about leaving fingerprints. Dressed as a guest or tourist himself, he was virtually indistinguishable from an average hotel guest—except he always wore a signature white fedora hat to hide his face from cameras.

His own carelessness, along with a drug habit, was his downfall. His tale presents a major lesson to learn for hoteliers, and timely for the month of October, which is National Cyber Security Month, an annual campaign to raise awareness about the importance of cyber security.

Lesson number one is to immediately implement the remedial fixes that Onity has put forth for their locks. In August, Aaron Cashatt’s tale was retold in WIRED magazine for millions to read, so copycats are likely to come. The author of the article himself built and tested the hacking device to use on hotel rooms he had rented and paid for (to avoid actually committing a crime by entering someone else’s room). It worked on one of the four rooms he tried. Do not let that room be in your hotel.

You may not immediately associate cyber security with a hotel room lock, but any electronic device—be it your phone, your computer or your smart devices like thermostats or televisions—could be vulnerable. Anything with even a small microchip can theoretically be hacked.

Lesson number two is be ready for the next time you are hacked because it will happen. Scott Garcia, a professional services risk advisor, wrote in Today’s Hotelier in June 2016 about understanding the impact of cyber attacks on your business. How can you ensure your business is protected, he asked.

“The truth is that you can’t,” he wrote. “Criminals are often one step ahead of the latest security measures.”

It is not as hopeless as that makes it sound, however. The steps to reduce the losses the eventual hack will cause start with reducing your organization’s vulnerability. The goal is to be an unattractive target. Hackers know what old technology is, and therefore an inviting hacking target, so start with upgrading all of the technology a guest might encounter, from room locks to your website to your digital marketing efforts.

As Garcia writes, technology is only increasing as a part of daily lives. Unfortunately, security for the devices in our homes, cars and businesses is often the last thing the developer thought of while trying to guide their startup to success. Do not let it be the last thing you think of as a hacker gets away with your or your guests’ data, money or possessions.

Take time this October to observe National Cyber Security Month. Browse the many webinars on the topic hosted at to get started. Your customers and your bottom line will be thankful you did.


  1. Talk about going above and beyond for your guests. A hotel in Belgium offers lone travelers a way to feel less lonely with a live goldfish rental for their room. It is a gimmick, says the owner. It got our attention.
  2. Hoteliers responded to the need in their community after hurricanes Harvey and Irma. Hundreds of rooms were donated so displaced families could have a roof over their heads and a warm bed. Cleanup and recovery continues in response to both hurricanes.
  3. AAHOA members are gathering at the Willard Intercontinental Hotel in Washington, D.C., October 24-25 for the Fall National Advocacy Conference. Lawmakers will get an earful from the hoteliers, who will urging them to take action on labor issues, tax reform and curbing drive-by lawsuits.
  4. The National Labor Relations Board, the unelected federal panel that upended the joint employer standard, is set for a makeover. This month marks the end of the term for the influential general counsel, while the chairman is stepping down in December. President Trump will fill the vacant slots.
  5. Will your city be home to the newest Amazon mega-office? Amazon announced plans to invest $5 billion and hire 50,000 new workers at a second headquarters the company is planning, and they want cities to submit proposals. That would be a boon for business lodging for years to come.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.