HIH A.I CyberSecurity Scoring
04/04/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Holiday Inn Harrisburg/Hershey in 2026.
No incidents recorded for Holiday Inn Harrisburg/Hershey in 2026.
No incidents recorded for Holiday Inn Harrisburg/Hershey in 2026.
Hospitality
Hilton Grand Vacations is a global leader in vacation ownership, developing, marketing and operating a portfolio of high-quality, shared-ownership properties in highly desired vacation destinations. Our company also manages and operates innovative club membership programs providing exclusive exchange, leisure travel, and reservation services for our Members. At Hilton Grand Vacations, our culture of hospitality extends to our more than 10,000 Team Members who collectively play an important role in delivering exceptional service, quality accommodations, and memorable travel experiences. That’s why we’ve created a workplace that supports growth, opportunity, work-life balance, and respect throughout our Club affiliated properties, sales centers, and corporate offices around the globe.
More than an iconic place to stay, Holiday Inn Hotels are a place to be in the moment–gathered to celebrate with family, laughing with friends, sharing a meal with the team, or just for some well-deserved me-time. No matter the reason you travel, when you’re here, you’re right where you’re meant to be. Book with us and become an IHG One Rewards member.
The resorts and casinos of MGM Resorts International™ are some of the most famous in the world. Our 28 destinations are renowned for their winning combination of quality entertainment, luxurious facilities, and exceptional customer service. We are actively expanding our presence globally, with potential developments in a number of domestic and international markets. At MGM Resorts International, we are all striving together to deliver an enticing blend of entertainment to every corner of the world. Many of our resorts are located in Las Vegas. Las Vegas features three of the largest convention centers in the U.S., spectacular entertainment, attractions, shopping, and world-famous resorts. Whether dancing fountains, incredible stage productions, casino action, museums or natural attractions such as Lake Mead, Vegas offers something for everyone. A stroll down our streets takes you around the globe, with recreations like climbing to the top of the Eiffel Tower or taking a Venetian gondola ride. From shimmering resort pools and spa rejuvenation to nonstop nightlife, Las Vegas promises an unforgettable career destination. With all of our unique and spectacular resorts and casinos, MGM Resorts International has a world of opportunities for you to discover excitement and rewards as you provide our guests with a wonderful and memorable experience. Take a closer look at our properties. We think you'll find an opportunity that's right for you. The 81,000 global employees of MGM Resorts are proud to be recognized as one of FORTUNE® Magazine’s World’s Most Admired Companies®.
J D Wetherspoon is a leading pub operator in the UK and Ireland. Back in 1979, founder chairman Tim Martin opened the very first Wetherspoon – in Muswell Hill, north London. Today, Tim and the company run over 850 pubs and hotels, spread right across the UK and, more recently, Ireland. During its history of over 40 years, Wetherspoon has repeatedly led the way with ground-breaking initiatives, picked up hundreds of awards (covering all aspects of pub life) and grown from a handful of staff to over 40,000 employees. The company seeks to develop its staff through effective and award-winning training and development, through a positive working environment and, of course, by means of a competitive pay packet. Every year, thousands of staff complete one or more of our award-winning training courses, not only preparing them to work safely and to the best of their ability, but also inspiring them to pursue positive career development. The company prides itself in offering, at all levels, excellent training and support.
Whitbread PLC is the owner of the UK’s favourite hotel chain, Premier Inn, as well as restaurant brands, Beefeater, Brewers Fayre, Table Table, Bar + Block and Cookhouse and Pub. Whitbread employs more than 35,000 people in more than 1,200 Premier Inn hotels and restaurants across the UK and Germany, serving over five million customers every month. At Whitbread we are committed to being a force for good in the communities in which we operate. Our Sustainability programme, ‘Force for Good’ is focused on enabling people to live and work well and is built around three pillars of Opportunity, Community and Responsibility. Whitbread PLC is listed on the London Stock Exchange and is a constituent of the FTSE 100. It is also a member of the FTSE4Good Index.
Aramark (NYSE: ARMK) proudly serves the world’s leading educational institutions, Fortune 500 companies, world champion sports teams, prominent healthcare providers, iconic destinations and cultural attractions, and numerous municipalities in 16 countries around the world with food and facilities management. Because of our hospitality culture, our employees strive to do great things for each other, our partners, our communities, and the planet.
IHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. With a family of 21 hotel brands and IHG One Rewards, one of the world's largest hotel loyalty programmes, IHG has over 7,000 open hotels in more than 100 countries, and a development pipeline of over 2,300 properties. Luxury & Lifestyle: Six Senses Hotels Resorts Spas, Regent Hotels & Resorts, InterContinental Hotels & Resorts, Vignette Collection, Kimpton Hotels & Restaurants, Hotel Indigo Premium: Noted Collection, voco hotels, Ruby, HUALUXE Hotels & Resorts, Crowne Plaza Hotels & Resorts, EVEN Hotels Essentials: Holiday Inn Express, Holiday Inn Hotels & Resorts, Garner hotels, avid hotels Suites: Atwell Suites, Staybridge Suites, Holiday Inn Club Vacations, Candlewood Suites Exclusive Partners: Iberostar Beachfront Resorts InterContinental Hotels Group PLC is the Group's holding company and is incorporated and registered in England and Wales. Approximately 400,000 people work across IHG's hotels and corporate offices globally. Visit us online for more about our hotels and reservations and IHG One Rewards. To download the IHG One Rewards app, visit the Apple App or Google Play stores.
Hilton (NYSE: HLT) is a leading global hospitality company with a portfolio of 24 world-class brands comprising more than 8,400 properties and over 1.25 million rooms, in 140 countries and territories. Dedicated to fulfilling its founding vision to fill the earth with the light and warmth of hospitality, Hilton has welcomed over 3 billion guests in its more than 100-year history, was named the No. 1 World’s Best Workplace by Great Place to Work and Fortune and has been recognized as a global leader on the Dow Jones Sustainability Indices. Hilton has introduced industry-leading technology enhancements to improve the guest experience, including Digital Key Share, automated complimentary room upgrades and the ability to book confirmed connecting rooms. Through the award-winning guest loyalty program Hilton Honors, the more than 210 million Hilton Honors members who book directly with Hilton can earn Points for hotel stays and experiences money can't buy. With the free Hilton Honors app, guests can book their stay, select their room, check in, unlock their door with a Digital Key and check out, all from their smartphone. Visit stories.hilton.com for more information, and connect with Hilton on Facebook, X, LinkedIn, Instagram and YouTube.
Delaware North is a global leader in the hospitality and entertainment industry. The company annually serves more than a half-billion guests across three continents, including at high-profile sports venues, airports, national and state parks, restaurants, resorts, hotels and casinos. Building on more than a century of enduring partnerships and a commitment to local communities and sustainability, Delaware North’s vision is to delight guests by creating the world’s best experiences today while reimagining tomorrow.
Latest updates, reports, and threat intel affecting the global network.
HARRISBURG, Pa. – Child support disbursements totaling millions of dollars faltered in Pennsylvania last week due to a system error on the...
HARRISBURG, Pa. — Parts of the Pennsylvania Courts website remain inaccessible Monday night following a cyberattack on Sunday.
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from a previous unexpired reset request), subsequent calls to the `reset_password` guest API endpoint reuse the existing token instead of generating a new one. The 15-minute validity window is anchored to the first request's `created_at` timestamp, not the time of the most recent email. An attacker who obtained the original reset link remains able to use it even after the victim requests a new reset, because the original token is never invalidated or rotated. Version 0.8.0 patches the issue. Some workarounds are available. Configure a reverse proxy (e.g., Nginx, Apache, Cloudflare) to apply per-IP rate limiting to the `/client/reset-password` endpoint to minimize the window of opportunity, and/or manually clear expired `client_password_reset` records from the database after a client reports a suspected compromise.
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has `staff.create_and_edit_staff` can call `/api/admin/staff/permissions_update` targeting their own account and write any permission structure, bypassing the intended role-based access control boundary. Version 0.8.0 patches the issue. Some workarounds are available. Restrict the `staff.create_and_edit_staff` permission to only highly trusted staff members and/or use a reverse proxy or WAF to restrict access to `/api/admin/staff/permissions_update` to specific trusted roles.
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an `active` state (e.g., `suspended`, `canceled`). The root cause is missing order-state validation in two client API endpoints, despite an `isActive()` helper already existing in the `Serviceapikey` module and the frontend UI correctly gating access on `order.status == 'active'`. Version 0.8.0 contains a fix. Some workarounds are available. If the `Serviceapikey` module is not needed, uninstall it to remove the affected endpoints. One may also use a reverse proxy or WAF to restrict access to `/api/client/order/service` and `/api/client/serviceapikey/reset` based on application-level order-state logic.
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles.
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address (`email_approved = 0`) can access all client-area pages (e.g. `/client/balance`, `/client/order/list`, `/client/invoice`) and read real account data, including wallet balances and transaction history. The API-side enforcement correctly restricts unverified clients to only profile-related endpoints, but the page-side enforcement is overly permissive, allowing any request whose path starts with `/client`. Version 0.8.0 contains a fix. No known workarounds that don't involve modifying the source code are available.
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.