Breach of the Week: Radisson Rewards

BOTW Radisson

What happened:

The Radisson Rewards program has experienced a data breach affecting “less than 10 percent” of members.  An exact number has not been released.

Information including names, physical addresses, countries of residence, email addresses, as well as some company names, telephone numbers, frequent flyer numbers and Radisson Rewards member numbers were compromised.  No financial data or passwords were affected.

It is believed that the hacker accessed the information through authorized employee accounts.  When the issue was found, the Radisson Rewards group acted by revoking access to the unauthorized person, and all impacted member accounts are secured and flagged to monitor any unauthorized behavior.

Rewards members were directly informed of the breach between October 30-31.  The hotel chain detected the breach on October 1.  The breach occurred on September 11.

The Radisson Hotel Group accounts for more than 1,400 hotels in over 70 countries.  Hotels included in the chain are the Park Plaza brand, Country Inn & Suites, Park Inn, and Radisson Collection.  The Radisson Hotel Group is based in Brussels, Belgium which means the company is held under GDPR standards.  The GDPR requires companies to report a breach within 72 hours of detection.  While there was a delay in notifying members, it is reported that the company promptly notified EU regulators.