Radisson hotel group is one of the largest hotel groups in the world with more than 1,400 hotels in 114 countries. The hotel group informed that a small percentage of their loyalty club members had their personal information accessed by an unauthorized person. It seems that the attackers first gained access to staff accounts which led them to customer data.
The breach didn’t seem to affect credit card and password information. However, it exposed rewards member names, addresses, email addresses, company names, phone numbers, rewards member number and frequent flyer numbers. Such information is to be monetized through enhancing pattern analysis on particular individuals, either high net worth or people with specific access to something.
Since the hotel chain has its presence all over the world, GDPR is likely to come into play. Also, the hotel group was not forthright while dealing with this breach, because the breach was discovered on October 1, but the company informed the members only last week, which was after a month.
https://www.infosecurity-magazine.com/news/radisson-hotel-group-spills/