View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Uncategorised
November 9, 2018

Radisson Hotel hack shows vulnerability of hospitality industry

Radisson Hotel Group has confirmed a data breach that exposed the personal details of “small percentage” of its Radisson Reward member’s scheme.

By Robert Scammell

Radisson Hotel Group has confirmed a data breach that exposed the personal details of “small percentage” of its Radisson Reward member’s scheme.

The hotel identified the breach on 1 October 2018. In a statement, the hotel group said that the data breach “did not compromise any credit card or password information”.

Information accessed by hackers was restricted to the names, addresses, country of residence and email addresses. In “some cases” company name, phone number, Radisson Rewards member number and frequent flyer numbers were also compromised.

The hotel chain said that it “identified” the hack on 1 October, which occurred on 11 September. However, they did not inform Radisson Rewards members until the 30 October.

It is unclear if they informed the UK’s data watchdog, the Information Commissioner’s Office. Under Europe’s General Data Protection Regulation (GDPR), an organisation has 72 hours to inform the relevant data protection body.

Rusty Carter, VP of product management at cybersecurity company Arxan Technologies, said that not all companies are taking note of GDPR.

“Even with legislation like GDPR, companies are not securing or quickly disclosing the loss of customer information,” he said.

“Consumer trust is being stressed to the limit and we may be nearing an inflection point where a dramatic consumer plus government response will have acute and long-lasting impacts on business performance.”

In the statement, Radisson Rewards said that it “takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.”

It is unknown who was behind the attack or how they gained access. The hospitality group warned those affected to look out for phishing attacks, in which bad actors use personal details to pose as a reputable organisation to solicit more details.

Radisson Hotel hack: Hospitality sector being targetted?

It is not the only hospitality cyberattack this year. In June, cybercriminals stole information of a similar nature to the Radisson Hotel hack from hotel booking service FastBooking.

In August, holiday and leisure firm Butlins confirmed that it had been subject to a hack affecting the records of an estimated 34,000 customers. More historically, a number of Hilton Hotels customers had their personal and payment details compromised in 2015.

Carter believes that the hospitality sector is actively being targetted by criminals.

“As financial services and other highly regulated industries lock down their apps and websites, attackers are increasingly moving on to softer targets that are still ‘data rich’ in terms of the kind of personal information that can be stolen and then monetised,” he said.

“The Radisson breach further highlights the hospitality industry as a target and the weaknesses of companies to identify attacks underway.”

The Radisson Hotel hack was first reported by Business Traveller, after a Radisson Rewards customer informed the publication of an email he received alerting him that his details had been compromised.

Read more: 88% of UK data breaches caused by human error, not cyberattacks

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Verdict Food Service