The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information (name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number, and any frequent flier numbers on file) of the members of its loyalty scheme.
The incident has happened on September 11, but the IT staff at the Radisson Hotel Group identified it only on October first. The staff promptly locked out the intruders once discovered the data breach.
The hotel chain Radisson Hotel Group is present in 73 countries and owns several brands including the Radisson, Radisson Blu, Radisson Red, Country Inns and Suites by Radisson and Park Inn by Raddison.
The company notified the security breach to the holders of the Radisson Rewards cards only yesterday.
Payment info and passwords were not exposed due to the incident.
According to the data breach notification email sent by the Radisson Hotel Group the security breach affected only a “small percentage” of the Radisson Rewards members.
“All impacted members accounts have been secured, and flagged to monitor or any potential unauthorised behaviour. While the ongoing risk to your Raddison Rewards account is low, please monitor your account for any suspicious activity.” reads the data breach notification.
“Radisson Rewards takes this incident cry seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”
At the time of writing, there are no technical details about the data breach.
“The data security incident impacted less than 10 percent of Radisson Rewards member accounts,” a Radisson spokesman told ElReg.
Cardholders should be cautious about potential scams carried out by cybercriminals in possession of the stolen data.
Below the Official Radisson Hotel Group Global Media Statement:
Radisson Hotel Group has informed impacted members of its global loyalty program, Radisson Rewards, about a data security incident which was discovered on October 1, 2018. The data security incident impacted less than 10 percent of Radisson Rewards member accounts and did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file.
Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured, and flagged to monitor for any potential unauthorized behavior.
We take the data privacy and security of our members very seriously and are conducting an extensive ongoing investigation into the incident to help prevent data privacy incidents from happening again in the future.
(Security Affairs – Radisson Hotel Group, data breach)