Everyone loves a free night in a hotel. That’s why we sign up for loyalty programs. But those eager ones raking up the points at the Radisson hotel chains should be aware they may have had personal information that was stored for that hotel chain’s loyalty program accessed by unauthorized parties…or hackers for short. The company announced recently that their systems were accessed in September and personal information was stolen.
While no payment card information or other financial information or passwords were included in the accessed data, the loyal guests’ names, addresses, email addresses, telephone numbers, frequent flyer partner numbers and other information was. Though the company says only a small number of members was affected.
Being blamed for the intrusion are some employee accounts that had access to that data. Those accounts were fraudulently accessed by the intruders. While it’s not stated exactly how they got access to those employee accounts, the most likely culprit is phishing email.
Ok, we know that it’s getting harder to identify phishing these days, but it still isn’t impossible. The number one way to avoid being a victim is to not open links or attachments that you are not expecting to receive…no matter who sends them. If you have any doubt what-so-ever about the legitimacy of a link, pick up the old-fashioned telephone sitting on the nightstand next to that hotel room bed and call the sender. If that isn’t a reasonable option, send an email to them independently of the one you received. In other words, don’t reply to the original one. Use a new window, type in the address you are sure is the right one and ask that way. Texting is another, safer option.
As the hackers find out more and more information, via this way, social media, networking, or other types of social engineering, they are able to craft very targeted email messages to us. By using information that personalizes the messages, the recipients are more likely to click on links and attachments. Be craftier than they are. Don’t click them.
While no passwords were reportedly part of this breach, it’s not a bad idea to change yours, if you are a Radisson Rewards member. Make sure it’s at least eight characters, has upper and lowercase letters, and includes a number and a special character. And if you have the option to use multifactor authentication on any online account, use it. This will prevent anyone from accessing your accounts without a second step to authenticate.
Radisson revoked access to the unauthorized person(s) and flagged the affected accounts. The Radisson chain includes Radisson, of course, but also Park Plaza, Country Inn & Suites, and Park Inn hotels as well.