Meltdown and Spectre Vulnerabilities: What You Need to Know

Meltdown and Spectre have been in the headlines this week as new vulnerabilities that can make an impact on many central processing units. Maybe you’ve heard about these vulnerabilities and are wondering how they might impact you and your hotel, chain, or channel.

As a leading technology company in the hotel industry, we wanted to clear up some of the information on these vulnerabilities, and let you know what steps we are taking to keep our customers safe.

What Are Meltdown and Spectre Vulnerabilities?
Meltdown and Spectre are a collection of three vulnerabilities that affect all Central Processing Units in almost all computers. These are hardware bugs that can allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs. However, when exploited, “Meltdown” and “Spectre” allow this normally secret information to be read by any software that’s asking for it.

Simply put, these vulnerabilities can allow access to privileged data stored on the CPU.

How Does This Affect Leonardo?
First of all, it’s important to note that for a bad actor to take advantage of these vulnerabilities, they would first need access to the system. As Leonardo’s systems have not been compromised, neither Meltdown nor Spectre pose a threat to our customers.

Secondly, since Leonardo does not store any private data like credit card information in our systems, there is no risk of that information being accessed. Leonardo stores hotel images and descriptions, all content that is already publicly available.

What Steps is Leonardo Taking?
We are confident that there is no sensitive data available to these vulnerabilities. For the sake of due diligence, we are continuing to upgrade servers and hardware as well as working with our vendors to deploy the required updates to mitigate vulnerabilities.

Our customers are our number one priority, so we will continue to monitor the situation for any changes and offer you updates as necessary.

The Takeaways

• The most important thing to be aware of, is that without access to our systems, there is no way to exploit Spectre or Meltdown.
• Leonardo does not store your sensitive information (credit card) in our systems, so there is no risk of it being accessed.
• Leonardo’s Operations team is upgrading servers and hardware as a safety precaution, and continuing to monitor the vulnerabilities.