Radisson Hotels Americas

Radisson Hotels Americas operates hotel properties under the Radisson brand across the United States, Canada, and Latin America. It is a subsidiary of Choice Hotels, a major lodging franchisor, and functions as part of the broader Radisson Hotel Group which maintains a global presence. The organization provides accommodations, meeting and event spaces, and related services to both business and leisure travelers. A central component of its customer engagement is the Radisson Rewards loyalty program, which collects and stores personal details including names, contact information, membership identifiers, and travel preferences. This program tracks member activity to offer tailored benefits and serves as a key relationship management tool within its regional market. The subsidiary’s operations are focused on the Americas, leveraging the established Radisson brand recognition while adhering to the standards and systems of its parent corporate structure.

The organization’s history includes two significant cybersecurity incidents that impacted guest and member data. In May 2023, a threat actor exploited a zero-day vulnerability in the MOVEit secure file transfer application, compromising a limited number of guest records held by Radisson Hotels Americas. This incident was part of a widespread campaign attributed to the Cl0p ransomware gang, which employed double-extortion tactics; however, data specific to this victim was not published on the gang’s public leak site. The parent company, Choice Hotels, confirmed the breach. Previously, in September 2018, the Radisson Hotel Group’s loyalty program database experienced unauthorized access, exposing personal details such as names, addresses, email contacts, and in some instances phone numbers, company affiliations, and frequent flyer information. That intrusion was detected weeks after the initial compromise, leading to immediate account lockdowns and enhanced monitoring. No payment card data or account credentials were exposed in the 2018 event, and affected individuals were notified approximately seven weeks after discovery, with fewer than ten percent of loyalty members estimated to be impacted. These incidents underscore the organization’s exposure to third-party software vulnerabilities and the persistent challenges of safeguarding customer information within the hospitality sector.