The Radisson Hotel Group has suffered a data breach
1.11.2019 securityaffairs
Incindent

The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme.
The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information (name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number, and any frequent flier numbers on file) of the members of its loyalty scheme.

The incident has happened on September 11, but the IT staff at the Radisson Hotel Group identified it only on October first. The staff promptly locked out the intruders once discovered the data breach.

The hotel chain Radisson Hotel Group is present in 73 countries and owns several brands including the Radisson, Radisson Blu, Radisson Red, Country Inns and Suites by Radisson and Park Inn by Raddison.

The company notified the security breach to the holders of the Radisson Rewards cards only yesterday.

Payment info and passwords were exposed due to the incident.

According to the data breach notification email sent by the Radisson Hotel Group the security breach affected only a “small percentage” of the Radisson Rewards members.

Radisson Rewards-breach
Source Boarding Area website

“All impacted members accounts have been secured, and flagged to monitor or any potential unauthorised behaviour. While the ongoing risk to your Raddison Rewards account is low, please monitor your account for any suspicious activity.” reads the data breach notification.

“Radisson Rewards takes this incident cry seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”

At the time of writing, there are no technical details about the data breach.

“The data security incident impacted less than 10 percent of Radisson Rewards member accounts,” a Radisson spokesman told ElReg.

Cardholders should be cautious about potential scams carried out by cybercriminals in possession of the stolen data.