Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information.
The letter, dated August 19, says that between November 2008 and May 2009 some of Radisson's computer systems in the U.S. and Canada were accessed without authorization. It does not explain how the breach may have occurred.
Radisson hasn't specified how many locations were compromised, though it says the number is limited. The data that was accessed includes guests' names and their credit card or debit card number and expiration date. The hotel says it keeps this information on hand to secure reservations and to process charges at hotel outlets such as restaurants and gift shops.
For the most part, Radisson doesn't know which guests were affected by the breach, though it states definitively that no Social Security numbers were accessed. Guests whose information was known to be accessed were sent letters reporting the breach.
The hotel chain learned about the breach from credit card companies and processors.
Radisson says it is working with law enforcement officials, but since the investigation is ongoing, the company is sharing few details about the breach. The investigation is also the reason why the company did not inform guests sooner, according to a frequently asked questions document about the incident on the company's Web site.
Radisson says it has implemented additional security measures to prevent future unauthorized access.
The open letter recommends that guests review their credit-card account statements and credit reports, and says that some guests may be eligible for free credit monitoring services for one year.
As with other companies that have notified customers of potential breaches, Radisson places the responsibility for determining whether information was accessed, and cleaning up any ensuing problems, on its customers.
"The fact that someone may have had access to personal information does not mean that you are a victim of identity theft, or that the personal information will be used to commit fraud," reads the FAQ. "We wanted to let you know about the incident so that you can take appropriate steps to protect yourself, such as by reviewing your account statements and credit report closely for unauthorized activity, and reporting any unauthorized activity to your credit card company. You may also wish to consider placing a fraud alert or security freeze on your credit files."
The Ponemon Institute last year found that consumers were largely dissatisfied by the notification process that companies use to inform them of a data breach and the potential for identity theft. According to the study, 63 percent said they were not pleased with the notification letters issued in these situations; 31 percent said they terminated their relationship with the organization following the incident. The study also reported that 26 percent of respondents took no action after being notified of a data breach that may have affected them, and 57 percent said they lost trust and confidence in the organization.
Only registered users can write comments. Please login or register.