Hotel employee jailed for exploiting rewards system to redeem a flight to Bangkok

SINGAPORE — While working at the Crowne Plaza Changi Airport hotel, Siva Kumar Pushpanathan exploited his company’s system to get bonus points for the Inter-Continental Hotel Group rewards club.

He eventually used the points to redeem a round-trip flight ticket from Singapore to Bangkok in Thailand. However, the Inter-Continental Hotel Group’s global fraud protection unit later cancelled the ticket.

Separately, while working in another hotel, he transferred S$5,600 from his supervisor’s bank account to his own and used the money to “repay” a guest he had stolen from.

Siva was sentenced to 33 weeks’ jail on Wednesday (Feb 26) after pleading guilty to one theft charge and five others under the Computer Misuse and Cybersecurity Act. Another 10 similar charges were considered for sentencing.

The court heard that on June 8, 2018, Siva stole US$4,000 (S$5,320) from a guest’s safe at the Orchid Golf & Resort Hotel which is located within the grounds of the Orchid Country Club in Yishun.

Siva, now aged 39, worked as an operations executive there at the time.

The guest was an Egyptian man who was in Singapore on a business trip. He checked into the hotel and left two envelopes — each containing US$10,000 — locked in his room’s safe.

About two weeks later, upon realising he could no longer open the safe, he asked the hotel management for help. 

He then discovered that US$4,000 was missing from an envelope.

Investigations revealed that Siva had entered the room some time during the two weeks, took the money from the safe and locked it again. 

When the guest told the hotel employees that his money was missing, Siva returned the cash, explaining that he had seen the envelope out in the open and decided to “keep the money”.

ACCESSED BOSS’ ACCOUNT ON HIS DAY OFF

Then, in another turn of events, Siva repaid the guest with cash taken from his supervisor who was the hotel manager.

When his manager was on holiday, Siva returned to the hotel on his day off and used his manager’s work computer to access his bank account online. 

The hotel manager allowed his subordinates to log in to his computer with his password when he was on leave. 

He had also written his online banking password on a piece of paper and put it on his desk calendar. He kept his banking token in his office drawer as well.

Once Siva was in his boss’ account, he added his own DBS bank account as a new payee and transferred S$5,600, which he used to pay the guest back.

The hotel manager discovered what had happened 10 days later when he tried to log into his account and did not receive the one-time PIN on his mobile phone.

The bank told him that the mobile phone number linked to his account had been changed to a different one. 

He later found out that the new number belonged to the Orchid Country Club duty manager’s phone, which was rotated among the duty managers, including Siva.

TOOK ADVANTAGE OF COLLEAGUE

In 2017, Siva was working as a front office trainer at Crowne Plaza Changi Airport when he tampered with the reservation records.

The hotel was a member of the Inter-Continental Hotel Group and members of the group's rewards club could receive bonus points for staying at the group’s hotels. 

The points could be used to redeem various rewards. 

Siva’s ex-colleague had given him full access to her rewards club's account. 

He merged it with several guests’ reservation profiles, which he had retrieved using another colleague’s account at the front reception counter.

This resulted in a total of 121,880 bonus points being transferred to the account. 

Siva used the points to redeem a Singapore-Bangkok flight ticket on Cathay Pacific Airways from Nov 24 to 27 in 2017 but his scheme was ultimately thwarted.

On the day he was meant to leave for the trip, the Inter-Continental Hotel Group alerted the hotel to suspicious transactions on the rewards club's account. 

The assistant front office manager checked the hotel system and reviewed closed-circuit television footage before discovering what had happened.