privacy

Radisson Hotel Group Member Details Leaked in ‘Data Security Incident’

10% of all Radisson Rewards members have had their personal contact details exposed as the hotel chain reveals it has been aware of the hack for almost a month

Callum Tennent
By Callum Tennent

On October 31 Radisson Hotel Group made its Radisson Rewards members aware of a data breach that may have revealed their personal data.

In what the hospitality chain has referred to as a ‘security incident’, the names, physical addresses and email addresses of 10% of its total number of loyalty scheme members were subject to ‘unauthorized access’. No passwords or payment card details were compromised, although in some cases company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file were also exposed.

The data breach took place on September 11, while Radisson Hotel Group became aware of it on 1 October. With members only being contacted on 31 October, that means that Radisson waited almost a month before letting affected parties know.

Europe’s General Data Protection Regulation (GDPR) clearly dictates that businesses have 72 hours from the discovery of a data breach to alert the relevant authorities. There’s a very strong chance that Radisson broke this regulation in its lethargic handling of this incident.

Radisson is the world’s 13th-largest hotel chain by number of rooms available and, while it hasn’t clarified exactly how many people ‘10%’ of its Radisson Rewards members actually is, it will likely be a figure in the thousands. It’s currently unknown how Radisson will be punished, but it will most probably be a sizable fine.

Radisson hasn’t detailed exactly what systems those responsible for the hack accessed, or the technologies they exploited in order to do so. It has said: “Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”

The chain has stated that all impacted members have already been notified. That said, if you’re concerned by news of the breach and would like to check first-hand if your account has been affected you can find Radisson contact details for your region here.While we can’t recommend a list of cyber-secure hotel chains, we can help you guard yourself from identity theft. For all the information you need, take a look at our guide How to Protect Your Identity Online.