Data Breach Roundup (May 15 - 21, 2026)

Tabiq is a used in several hotels in Japan and primarily relies on facial recognition and document scanning to check in arriving guests. The data was exposed because the Amazon S3 bucket used by Tabiq was set to public and required no password. It's unclear how that happened since S3 buckets are set to private by default.

This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/05/22/data-breach-roundup-may-15-21-2026/