Monday, May 6, 2024
Latest:
The Register 

Check this out: Radisson Hotel Group ‘fesses up to ‘security incident’

TH Author

Radisson Hotel Group has told members of its loyalty scheme that their personal details were exposed in a data breach.

Man opens hotel room with key card

Hotel, motel, Holiday Inn? Doesn’t matter – they may need to update their room key software

READ MORE

The hotel chain and conference centre fave said it “identified” the security foul-up on 1 October, weeks after it happened on 11 September, but only emailed holders of the Radisson Rewards cards that are affected yesterday.

The mail sent by the group stated:

The breach affected a “small percentage” of the Radisson Rewards members, the email stated, but didn’t provide any specifics about numbers.

The hotel chain said that when it identified the “issue” it immediately revoked access to the unauthorised person or persons.

“All impacted members accounts have been secured, and flagged to monitor or any potential unauthorised behaviour. While the ongoing risk to your Raddison Rewards account is low, please monitor your account for any suspicious activity.”

It added that loyalty card holders should also be cautious about potential phishing scams as miscreants may attempt to build on the information already gathered.

“Radisson Rewards takes this incident cry seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”

The business made no reference to which system the miscreants snuck in through, or provided any other technical details. We have sent a bunch of questions to the relevant employees.

The group operates various brands including the Radisson, Radisson Blu, Radisson Red, Country Inns and Suites by Radisson and Park Inn by Raddison, spread over 990 locations in 73 countries.

Radisson made no reference to informing the UK’s Information Commissioner’s Office of the breach.

El Reg has asked the ICO to comment. Under the European General Data Protection Regulation introduced in the UK on 25 May, a business has 72 hours after becoming aware of the breach to inform the data watcher of a security scuffle. If it doesn’t meet those requirements, the business has to explain why. ®

Sponsored: Following Bottomline’s journey to the Hybrid Cloud

READ MORE HERE