In a major cyber attack Radisson Hotel Group suffered security breach that exposing personal information of all its loyalty scheme members.
If reports on the breach are to be believed then the compromised information includes name, address, email address, and in some cases, company name, phone number, Radisson Rewards member number, and any frequent flier numbers on file of the members enrolled in loyalty scheme.
Although attack was executed on September 1, it was identified by IT staff of Radisson Hotel Groups by October. Though the staff recognized and shut down intruders once they discovered the data breach. The affected members were then informed about the breach later. The assurance given by the Radisson Hotel Group was that Payment info and passwords were not exposed by the attack.
Such an attack on large international group such as Radisson Hotel Group serving 73 countries, including the Radisson, Radisson Blu, Radisson Red, Country Inns and Suites by Radisson and Park Inn by Radisson, indicates the growing vulnerability to cyber attacks of hospitality industry.
As per the broadcast sent by Radisson Hotel Group the security breach affected only a “small percentage” of the Radisson Rewards members and not all.
It stated that “All impacted members accounts have been secured, and flagged to monitor or any potential unauthorized behavior. While the ongoing risk to your Radisson Rewards account is low, please monitor your account for any suspicious activity.” reads the data breach notification.
“Radisson Rewards takes this incident cry seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”
It further said at the time of writing, there are no technical details about the data breach.
“The data security incident impacted less than 10 percent of Radisson Rewards member accounts,” a Radisson spokesman told ElReg.
Cardholders should be cautious about potential scams carried out by cyber criminals in possession of the stolen data
Following is the media statement given by the Radisson Hotel Group
“Radisson Hotel Group has informed impacted members of its global loyalty program, Radisson Rewards, about a data security incident which was discovered on October 1, 2018. The data security incident impacted less than 10 percent of Radisson Rewards member accounts and did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file.
Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured, and flagged to monitor for any potential unauthorized behavior.
We take the data privacy and security of our members very seriously and are conducting an extensive ongoing investigation into the incident to help prevent data privacy incidents from happening again in the future.”