The Radisson Hotels & Resorts chain has issued an apology letter to its North American clients that have been accommodated in some of its Canadian and US-based hotels. The letter was addressing a data breach in the hotel's credit-card security system that allowed third parties to gain access to some customer credit-card information. According to the official press release, the security system was breached between November 2008 and May 2009.
After keeping it under wraps for about three months, Radisson Hotels officials issued this letter of apology to their customers and informed the media about this incident on August 19th.
According to the hotel management, the breach was first discovered and reported by some credit-card companies (Visa, MasterCard), soon after their report, law enforcement agencies and financial and credit-card processing companies being informed and involved in the investigations.
The data breach did not occur at all hotels in North America, but hit some vulnerable points in Canada and the USA. “Radisson […] has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of Radisson’s valued guests.” the open letter said regarding the aftermath in hotel security systems.
The hotel management was keeping client financial information on its database for room reservations and service purchases. According to the apology letter FAQ, only the name printed on a credit or debit card, the number on a credit or debit card, and the expiration date on the card were accessed and taken by attackers. No social security numbers were taken from the records.
No details have been given by hotel officials or the police regarding the investigation carried out at this moment in two countries. Unlike the 163,000 ChoicePoint customers that have received over 15 million dollars in compensation after a criminal attack on the service's database, Radisson Hotels customers will not be offered any monetary advantages after this leak.
Meanwhile, hotel officials are supplying free credit-card monitoring for one year for all its customers accommodated between November 2008 and May 2009, and has urged former hotel clients to alert their banks of any kind of suspicious account activities.