Radisson Rewards may have leaked your data… again

Radisson Rewards may have leaked your data

If you’ve ever stayed at a Radisson Hotel and joined the Radisson Rewards loyalty program then your loyalty to the brand may be tested somewhat by an email they have been sending some members today.

In an email, Radisson Rewards confesses that it “inadvertently sent some emails to the wrong members”. Information accidentally disclosed was apparently limited to:

  • members’ first names
  • the last four digits of the sixteen-digit member’s number
  • point balance
  • member tier
  • number of hotel stays in 2019
  • members’ email addresses

Radisson email

What is Radisson doing about the data leak? Well, it’s asking recipients to delete the offending email.

We are writing to inform you that your account was one of the member accounts impacted by this incident. We have confirmed that the information previously noted was inadvertently shared with another Radisson Rewards member via our Email communications. We have also confirmed that you inadvertently received member information that does not belong to you. We request that members delete any e-mails received inadvertently.

Radisson says that it identified the issue on 23 May, and immediately halted all email communications while it investigated more deeply. The company says that its network has not been compromised, and that accounts have not been accessed by unauthorised parties – so this is sounding like an old-fashioned goof rather than the result of some sort of intrusion by a malicious hacker.

Impacted member accounts have been flagged to monitor for any potential unauthorized behavior and we have identified the risk of unauthorized behavior as very low.

It certainly doesn’t sound like the most serious data breach ever, but no-one should welcome a company losing tight control of their data and does suggest a certain sloppiness. I guess we should feel a little comfort that the information about each individual Radisson Rewards member was only apparently sent to another unconnected Radission Rewards member – reducing the chances that it ends up in the hands of a criminal.

Sign up to our free newsletter.
Security news, advice, and tips.

It’s not as though the company is any stranger to customers’ data being leaked. Last October, Radisson Rewards discovered that personal information about members, including their names, physical addresses, countries of residence, email addresses, company names, telephone numbers, frequent flyer numbers, and Radisson Rewards numbers had been accessed by hackers.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.