Radisson hotel group is one of the largest hotel groups in the world with more than 1,400 hotels in 114 countries. The hotel group informed that a small percentage of their loyalty club members had their personal information accessed by an unauthorized person. It seems that the attackers first gained access to staff accounts which led them to customer data.
The breach didn’t seem to affect credit card and password information. However, it exposed rewards member names, addresses, email addresses, company names, phone numbers, rewards member number and frequent flyer numbers. Such information is to be monetized through enhancing pattern analysis on particular individuals, either high net worth or people with specific access to something.
Since the hotel chain has its presence all over the world, GDPR is likely to come into play. Also, the hotel group was not forthright while dealing with this breach, because the breach was discovered on October 1, but the company informed the members only last week, which was after a month.
https://www.infosecurity-magazine.com/news/radisson-hotel-group-spills/
Hi Satwika,
Data breach usually happens begin with unauthorized person gained access to staff accounts. Radisson hotel group should learn a lecture from this data breach and be prepared to protect customer’s information in the future. And once the breach happens, it should be handled immediately by response team and warn customers who might be impacted as soon as possible.