The Radisson Hotel Group suffered a data breach that impacted its loyalty and rewards program customers, reported ZDNet.
According to a report in ZDNet citing information sent to Radisson Rewards members, the customers were informed on October 30 and October 31 that the hotel group discovered a security incident on the first of the month that may have resulted in personal information being leaked. The company said the so-called security incident, which impacted a “small percentage of Radisson Rewards members,” occurred on September 11, reported ZDNet, noting that information including names, physical addresses, countries of residence, email addresses, and some company names, telephone numbers, frequent flyer numbers, and Radisson Rewards member numbers were accessible in the breach. ZDNet noted Radisson Hotel Group said no financial data or passwords were impacted by the breach. It wouldn’t say how many members of its loyalty and reward programs were impacted other than to say it was fewer than 10 percent, noted the report.
“Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior,” the company said. “Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”
It’s not clear what the impact from the delay in reporting the breach will be, given the fact that under the European General Data Protection Regulation or GDPR, which went on the books on May 25, companies have to report an incident within 72 hours of the organization becoming aware of the breach. If they fail to comply and are busted, they could be fined as much as 10 million euros or four percent of global turnover, whichever is more, noted the report. Raddison, which is based in Brussels, told ZDNet that “upon discovering the data incident, Radisson Hotel Group promptly informed EU regulators of the situation.”