As many as 700,000 guests of Choice Hotels may have had their personal data compromised.
The data breach was entirely preventable as the information was hosted on an unsecured MongoDB database.
It was first brought to light by an internet security researcher but by then hackers had apparently accessed it.
Hackers left a ransom note demanding $4,000 in bitcoin.
The hotel group said it has now stopped using the vendor which hosted the data, and none of its own servers were breached.
"The records did not contain payment, password or reservation information. We will be notifying affected guests to advise them of what occurred," Choice Hotels said in a statement.
"We have discussed this matter with the vendor and will not be working with them in the future. We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences."
Data potentially compromised included guest names, email addresses, and phone numbers.
















