Data theft at Radisson Hotel Group

The Radisson Hotel Group suffered a security breach that exposed personal information of its loyalty scheme members

Information security and digital forensics experts from the International Institute of Cyber Security report that the Radisson Hotel Group has suffered a security breach that exposed personal information (name, address, country of residence, email address and, in some cases, company where the user works, phone number, identification number in the Radisson Rewards program) of the members of its loyalty reward scheme.

The incident occurred on September 11th, but the information technology staff at Radisson Hotel Group identified it until early October. The hotel’s digital forensics teams quickly blocked access to personal information once they discovered the security breach.

The Radisson Hotel Group has presence in 73 countries and has several brands including Radisson, Radisson Blu, Radisson Red, Country Inns and Suites by Radisson, and Park Inn by Raddison. The company is in the process of directly notifying each member of its rewards program that may have been affected by the incident.

According to reports from experts in digital forensics, payment card data and access passwords were not exposed in this security breach.

According to the security report of Radisson Hotel Group, the security breach only affected a “small percentage” of the Radisson Rewards program members: “All the accounts of the affected members are already protected and are being monitored in search of any anomalous activity. While the risk to Raddison Rewards accounts is low, users are encouraged to personally review the activity in their account to detect any suspicious behavior”, says the company’s security report.

“Radisson Rewards takes this incident seriously and is conducting a thorough investigation to help prevent something like this from happening again in the future”.

Technical details about this security breach are not yet made public.

Anyways, cybersecurity and digital forensics specialists from the International Institute of Cyber Security recommend that the holders of these accounts be wary of possible scams carried out by cybercriminals in possession of the stolen data.

The official declaration of Radisson Hotel Group on the incident mentions that the affected members of their global loyalty program, Radisson Rewards, should be informed about the security incident that occurred last October.

According to the company, the data security incident impacted less than 10% of the accounts of the Radisson Rewards members and did not commit the payment card data. The company’s investigation has determined that the information to which it was accessed is limited to personal data, such as name, address, country of residence, email address and, in some cases, company where it works and telephone number. The cybersecurity community is in the expectation of further reports on the incident.