The Radisson Hotel Group joins the ranks of globally-recognized brands to be on the receiving end of a successful hack. According to the company, a small percentage of their loyalty club members had some of their personal information accessed by an unauthorized and as yet unknown third party. The company reports that no credit or debit card information was stolen.
The data breached was limited to:
Although this breach impacted a relatively small number of users, all of them are high net worth individuals. This at least hints at the hacker’s motivations. Massive data breaches seek to expose millions, or even tens of millions of user accounts so they can be sold in bulk on the Dark Web. A more targeted attack like this one, however, is clearly designed to target influential individuals with deep and widespread connections. Potentially, the damage caused by targeting such individuals could be much more far-reaching.
The Radisson Group responded quickly, first by revoking the access of the unauthorized individual as soon as it was detected, and second by flagging and monitoring all user accounts impacted by the breach. The company is taking an active role in monitoring impacted accounts for the foreseeable future, and individuals who had their personal information compromised have been notified.
If you’re a member of the Radisson Rewards Club and haven’t yet received a notification, then there’s nothing to be done or to worry about. If you have received a notification, simply follow the instructions you received and you’re all set.
While unfortunate, Radisson’s handling of the incident has been exemplary, and serves as an excellent case study for other companies on how to respond to events like these.