If you’ve ever stayed at a Radisson Hotel and joined the Radisson Rewards loyalty program then your loyalty to the brand may be tested somewhat by an email they have been sending some members today.
In an email, Radisson Rewards confesses that it “inadvertently sent some emails to the wrong members”. Information accidentally disclosed was apparently limited to:
- members’ first names
- the last four digits of the sixteen-digit member’s number
- point balance
- member tier
- number of hotel stays in 2019
- members’ email addresses
What is Radisson doing about the data leak? Well, it’s asking recipients to delete the offending email.
We are writing to inform you that your account was one of the member accounts impacted by this incident. We have confirmed that the information previously noted was inadvertently shared with another Radisson Rewards member via our Email communications. We have also confirmed that you inadvertently received member information that does not belong to you. We request that members delete any e-mails received inadvertently.
Radisson says that it identified the issue on 23 May, and immediately halted all email communications while it investigated more deeply. The company says that its network has not been compromised, and that accounts have not been accessed by unauthorised parties – so this is sounding like an old-fashioned goof rather than the result of some sort of intrusion by a malicious hacker.
Impacted member accounts have been flagged to monitor for any potential unauthorized behavior and we have identified the risk of unauthorized behavior as very low.
It certainly doesn’t sound like the most serious data breach ever, but no-one should welcome a company losing tight control of their data and does suggest a certain sloppiness. I guess we should feel a little comfort that the information about each individual Radisson Rewards member was only apparently sent to another unconnected Radission Rewards member – reducing the chances that it ends up in the hands of a criminal.
It’s not as though the company is any stranger to customers’ data being leaked. Last October, Radisson Rewards discovered that personal information about members, including their names, physical addresses, countries of residence, email addresses, company names, telephone numbers, frequent flyer numbers, and Radisson Rewards numbers had been accessed by hackers.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.