Trend Micro researchers believe the data involved in the Huazhu Hotels Group breach has already appeared for sale on the Dark Web.
The stolen PII from the hotel customers was found when an advertisement on the Dark Web was seen that matched the data involved in the breach. The asking price for the information was 8 bitcoin, or about US$ 58,000 (£44,829), Trend Micro said.
In addition, any potential criminal buyer would also receive customer information such as registered check-in time, customer name, ID number, home address, birthday, and internal ID number for the 130 million or so affected individuals.
Bitcoin is the primary currency used by cyber-criminals. The data was on sale for 8 bitcoin.
The amount of detail available drilled down to customer room numbers is quite detailed.
"The advertisements claimed that the stolen data included names, mobile phone numbers, email addresses, ID numbers, and residential addresses, among others, totaling up to 53GB (about 123 million records)," the research firm reported.
And there was more found.
A 1.4GB file included customer names, room numbers, card numbers, mobile numbers, email addresses, check-in and departure times, and hotel ID numbers, Trend Micro said.