topleft
topright
Radisson Hotels Reports Data Breach Print E-mail
Share This -
Digg
Delicious
Slashdot
Furl it!
Reddit
Spurl
Technorati
YahooMyWeb
Friday, 21 August 2009

By Cara Garretson

Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information.

The letter, dated August 19, says that between November 2008 and May 2009 some of Radisson's computer systems in the U.S. and Canada were accessed without authorization. It does not explain how the breach may have occurred.

Radisson hasn't specified how many locations were compromised, though it says the number is limited. The data that was accessed includes guests' names and their credit card or debit card number and expiration date. The hotel says it keeps this information on hand to secure reservations and to process charges at hotel outlets such as restaurants and gift shops.

For the most part, Radisson doesn't know which guests were affected by the breach, though it states definitively that no Social Security numbers were accessed. Guests whose information was known to be accessed were sent letters reporting the breach.

The hotel chain learned about the breach from credit card companies and processors.

Radisson says it is working with law enforcement officials, but since the investigation is ongoing, the company is sharing few details about the breach. The investigation is also the reason why the company did not inform guests sooner, according to a frequently asked questions document about the incident on the company's Web site.

Radisson says it has implemented additional security measures to prevent future unauthorized access.

The open letter recommends that guests review their credit-card account statements and credit reports, and says that some guests may be eligible for free credit monitoring services for one year.

As with other companies that have notified customers of potential breaches, Radisson places the responsibility for determining whether information was accessed, and cleaning up any ensuing problems, on its customers.

"The fact that someone may have had access to personal information does not mean that you are a victim of identity theft, or that the personal information will be used to commit fraud," reads the FAQ. "We wanted to let you know about the incident so that you can take appropriate steps to protect yourself, such as by reviewing your account statements and credit report closely for unauthorized activity, and reporting any unauthorized activity to your credit card company. You may also wish to consider placing a fraud alert or security freeze on your credit files."

The Ponemon Institute last year found that consumers were largely dissatisfied by the notification process that companies use to inform them of a data breach and the potential for identity theft. According to the study, 63 percent said they were not pleased with the notification letters issued in these situations; 31 percent said they terminated their relationship with the organization following the incident. The study also reported that 26 percent of respondents took no action after being notified of a data breach that may have affected them, and 57 percent said they lost trust and confidence in the organization.




Comments (1)
RSS comments
1. 08-21-2009 13:47
 
I'm sure that we all have empathy for organizations that suffer a data breach, which affects organizations of all sizes and levels of security preparedness. However, the companies which suffer these breaches compound their risk in my opinion by drawing their tactics from the same playbook, which is to alert customers but leave them holding the bag for assessing the impact of the breach. The risk is greater for companies like Radisson where customers can make a choice as to whether to use their services again; how much of the 57 percent of respondents in the survey who said they lost trust in the organization might have changed their mind if offered a discount or complimentary evening on their next stay? If companies are going to interact with customers to give them bad news, they should (especially if in the hospitality/service industry) provide a little sugar along with the bitter pill.
Registered
 
Fred Kauber

Only registered users can write comments.
Please login or register.

 
Share This -
Digg
Delicious
Slashdot
Furl it!
Reddit
Spurl
Technorati
YahooMyWeb
< Previous   Next >




White Paper Library

Copyright © 2007-2014 CIOZones. All Rights Reserved. CIOZone is a property of MMINC Digital Inc.