Radisson Hotels revealed Wednesday that a "limited" number of guests may have had their credit or debit card data stolen, due to a breach of the computer systems at some of the chain's hotels.
The illegal access was discovered this past spring. The company says the breaches took place between November 2008 and May 2009 at some hotels in the United States and Canada. "At this time we do not know how many properties and/or consumers/guests were affected," according to a FAQ on the Radisson Web site.
A Radisson spokesman did say that the attack appears to be from an "outside source" and that the company has "no reason to believe it was an insider."
But Radisson didn't even realize the attack had taken place until it was contacted by several credit card companies and card processors. The company says it's taken "additional security measures" to block any such future attacks, and is working with card issuers and credit reporting agencies to identify and resolve any fraudulent usage.
Because the forensic study on what happened is still underway, and federal criminal investigations have been launched in both countries, Radisson reported few other details.
The costs associated with data breaches are rising steadily, according to a study earlier this year by The Ponemon Institute. The report said the total average cost of coping with the consequences of a breach rose to $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. The Radisson revelation comes just days after the indictment of three men on charges of stealing millions of data records from payment processor Heartland Payment Systems and three other companies.
An "open letter" on Radisson's Web site says the "number of potentially affected hotels involved in this incident is limited." But the data exposed could include the guest's name printed on a debit or credit card, and the card numbers and expiration dates. No Social Security numbers were stored on the targeted computers, according to a companion FAQ.
The FAQ goes into some detail on how guests can contact and work with the credit reporting agencies to identify fraudulent usage. Radisson encourages guests who think they might have been affected to use the links above, or call the company at 866-584-9255.
The hotelier is offering "eligible" guests up to one year of free credit monitoring via Equifax Personal Solutions.
This story, "Radisson Hotels: Data breach affected 'limited' number of sites, guests" was originally published by Network World.