Cyber Incident Victim: Sonder
Date: Nov 2022
Location: United States of America
Summary
A hospitality company confirmed unauthorized access to its systems, potentially compromising guest records created prior to a specified cutoff date. The breach exposed usernames, encrypted passwords, names, contact details, birthdates, addresses, email addresses, partial credit card information, booking dates, and government-issued identification copies for a limited subset of guests. The organization contained the incident by revoking unauthorized access, confirmed operational continuity, initiated an investigation, and notified affected individuals alongside regulatory bodies and law enforcement. There was no evidence of compromise for accounts established after the breach discovery date.
Description
Sonder, a hospitality company, confirmed a data breach on November 23, 2022, after discovering unauthorized access to one of its systems on November 14, 2022. The incident potentially compromised guest records created prior to October 1, 2021, with no evidence implicating accounts established after November 14, 2022. Exposed data included usernames and encrypted passwords, full names, phone numbers, dates of birth, physical addresses, and email addresses. Additionally, compromised records contained transaction receipts displaying the last four digits of credit card numbers and payment amounts, alongside dates of booked stays at Sonder properties. A limited number of guest records also involved copies of government-issued identification documents such as driver’s licenses or passports. Sonder clarified that operations remained unaffected during the incident. The company did not disclose the exact method of unauthorized access or the identity of the threat actor but indicated the breach might have involved historical data backups or legacy systems.

Upon detecting the breach, Sonder immediately implemented containment measures to revoke the unauthorized party’s system access. The company launched an investigation to determine the incident’s scope and assess the extent of data exposure. Sonder began notifying affected guests and relevant regulatory authorities in compliance with data protection obligations. Law enforcement agencies were also contacted to support the investigation. No operational disruptions or further unauthorized activities were reported following the containment. The breach highlighted risks associated with stored sensitive guest information, particularly pre-2021 records containing financial and identity documentation. Sonder did not publicly confirm the total number of impacted individuals or specify whether the encrypted passwords were hashed with robust algorithms. The incident underscored the potential consequences of unauthorized access to legacy customer databases and backup repositories.
