Radisson Rewards may have leaked your data… again

Graham Cluley

Radisson Rewards may have leaked your data

Radisson Rewards may have leaked your data

If you’ve ever stayed at a Radisson Hotel and joined the Radisson Rewards loyalty program then your loyalty to the brand may be tested somewhat by an email they have been sending some members today.

In an email, Radisson Rewards confesses that it “inadvertently sent some emails to the wrong members”. Information accidentally disclosed was apparently limited to:

  • members’ first names
  • the last four digits of the sixteen-digit member’s number
  • point balance
  • member tier
  • number of hotel stays in 2019
  • members’ email addresses

Radisson email

What is Radisson doing about the data leak? Well, it’s asking recipients to delete the offending email.

We are writing to inform you that your account was one of the member accounts impacted by this incident. We have confirmed that the information previously noted was inadvertently shared with another Radisson Rewards member via our Email communications. We have also confirmed that you inadvertently received member information that does not belong to you. We request that members delete any e-mails received inadvertently.

Radisson says that it identified the issue on 23 May, and immediately halted all email communications while it investigated more deeply. The company says that its network has not been compromised, and that accounts have not been accessed by unauthorised parties – so this is sounding like an old-fashioned goof rather than the result of some sort of intrusion by a malicious hacker.

Impacted member accounts have been flagged to monitor for any potential unauthorized behavior and we have identified the risk of unauthorized behavior as very low.

It certainly doesn’t sound like the most serious data breach ever, but no-one should welcome a company losing tight control of their data and does suggest a certain sloppiness. I guess we should feel a little comfort that the information about each individual Radisson Rewards member was only apparently sent to another unconnected Radission Rewards member – reducing the chances that it ends up in the hands of a criminal.

It’s not as though the company is any stranger to customers’ data being leaked. Last October, Radisson Rewards discovered that personal information about members, including their names, physical addresses, countries of residence, email addresses, company names, telephone numbers, frequent flyer numbers, and Radisson Rewards numbers had been accessed by hackers.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.