- The attack was detected by the hotel chain on October 1, 2018.
- The compromised information includes names, physical addresses, email addresses and more of the hotel’s loyalty scheme members.
The Radisson Hotel Group is notifying members of its loyalty scheme about a data breach that may have resulted in the exposure of their sensitive data. The compromised information includes names, physical addresses, email addresses, phone numbers, Radisson Reward numbers and frequent flyer numbers of the members.
The attack was detected by the hotel chain on October 1. However, the attackers are believed to have gained unauthorized access to the company’s systems on September 11, 2018.
It is still unclear as to how many customers were affected by the breach. Radisson is yet to determine whether the attack occurred via a phishing email or due to a human error. However, the firm has confirmed that no credit card data and passwords were exposed.
“This data security incident did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flier numbers on file,” Radisson said in a notification email sent to customers, The Register reported.
The hotel chain is currently conducting an investigation into the breach.
"Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future," the company said, ZDNet reported.
Radisson group has also informed the EU regulators about the breach, the ZDNet reported. In addition, the firm has disabled the access of accounts to the hackers.
"Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior,” the company said, ZDNet reported.