Cyber Incident Victim: Radisson Hotels Americas

On September 11, 2018, Radisson Hotel Group experienced a security breach affecting its Radisson Rewards loyalty program members. Unauthorized actors accessed personal information including names, addresses, email addresses, and in some instances company names, phone numbers, Radisson Rewards member numbers, and frequent flier numbers stored in the system. The intrusion remained undetected until October 1, 2018, when internal IT personnel identified the compromise and immediately locked out the attackers to prevent further access. The breach impacted the multinational hotel chain operating across 73 countries under brands such as Radisson Blu, Radisson Red, Country Inns and Suites by Radisson, and Park Inn by Radisson. No payment card information or account passwords were exposed during the incident. The compromised data primarily consisted of identity and contact details, with the company confirming through forensic analysis that financial credentials remained secure throughout the event.

Radisson Hotel Group delayed notifying affected customers until October 31, 2018—seven weeks after breach detection and nearly eight weeks after the initial intrusion. The breach notification email specified that fewer than 10% of total Radisson Rewards members were impacted, though exact figures weren't disclosed. All compromised accounts were secured and flagged for enhanced monitoring following the containment actions. The organization initiated an ongoing investigation to determine the breach's root cause and full scope while advising cardholders to remain vigilant against potential phishing attempts or scams leveraging the stolen personal data. In its public statement, Radisson reiterated that the exposure was limited to member profiles containing non-financial identifiers, emphasizing no evidence suggested misuse of the accessed information prior to mitigation efforts.