Radisson Hotel Group has confirmed that it has suffered a data breach Attack.Databreach on affecting “ a small percentage of our Radisson Rewards members ” . Business Traveller was alerted to the incident by one of our readers , who had received an email from Radisson confirming that his details had been compromised Attack.Databreach . Radisson says that it identified the breach on October 1 , although it ’ s not clear exactly when the incident occured . A statement on the group ’ s website states : “ This data security incident did not compromise Attack.Databreach any credit card or password information . Our ongoing investigation has determined that the information accessed Attack.Databreach was restricted to member name , address ( including country of residence ) , email address , and in some cases , company name , phone number , Radisson Rewards member number and any frequent flyer numbers on file . “ Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person ( s ) . All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior . “ While the ongoing risk to your Radisson Rewards account is low , please monitor your account for any suspicious activity . You should also be aware that third parties may claim to be Attack.Phishing Radisson Rewards and attempt to gather personal information by deception ( known as “ phishing Attack.Phishing ” ) , including through the use of links to fake websites . Radisson Rewards will not ask for your password or user information to be provided in an e-mail . “ Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future. ” Radisson says that affected members will have receives an email notification from Radisson Rewards either yesterday ( October 30 ) or today ( October 31 ) . In the FAQs Radisson stresses that credit card data was not exposed by the breach Attack.Databreach , nor were members ’ passwords or travel histories / future stays . The hotel group is the latest in a line of travel companies to suffer data breaches Attack.Databreach , with British Airways and Cathay Pacific both admitting to compromised Attack.Databreach data in the last couple of months .

For those unfamiliar with the tool , Rsync ( remote sync ) is commonly used by hosting providers , ISPs , and IT departments to backup data between servers . The ISP in question , KWIC Internet in Simcoe , Ontario , fixed Vulnerability-related.PatchVulnerability the Rsync problems after being notified Vulnerability-related.DiscoverVulnerability by Salted Hash , but it isn ’ t clear how long the company ’ s customers were exposed . Via email , Vickery shared his latest findings Vulnerability-related.DiscoverVulnerability with Salted Hash last week . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . Initially , Vickery discovered databases belonging to Annex Business Media , a publishing firm with offices in Simcoe and Aurora , Ontario . One of the exposed Annex databases stood out to him , as it contained the data from the 2015 Ashley Madison data breach Attack.Databreach . The other databases contained customer information ( names , email addresses , etc . ) Salted Hash reached out to Annex Business Media and asked about the Ashley Madison records , as well as to inform them about the more recent security problems , but the company didn ’ t respond to questions . Additional digging led Vickery to discover that Annex was just one part of a larger data breach Attack.Databreach , one that affected all of KWIC Internet 's customers . “ I quickly realized that this one is going to be a real mess for someone to clean up and quite a headache to determine all the affected parties , ” Vickery told Salted Hash . In all , there were terabytes of KWIC data exposed by the breach Attack.Databreach . The information inside the leaked databases included credit card details , email addresses , passwords , names , home and business addresses , phone numbers , email backups , VPN details and credentials , internal KWIC backups , and more . The KWIC archives also included a common PHP shell named r57 , and a PHP-based DDoS tool , suggesting that the company had been hacked Attack.Databreach at some point prior to leaking their backups to the public . “ There are dozens of SQL database backup files and thousands of email backup directories containing everything from internal KWIC staff login credentials to police warrants for ISP subscriber information , ” Vickery said . Other customers exposed by the KWIC data breach Attack.Databreach include at least one law firm , Norfolk County ( norfolkcounty.ca ) , United Way ( unitedwayhn.on.ca ) , and Greenfield Dental Health Group ( greenfielddentistry.ca ) . In March of 2016 , Malwarebytes researcher Jérôme Segura discovered a KWIC customer , Norfolk General Hospital , had a compromised Joomla install that was being used to distribute Ransomware . When Segura reached out to contact the hospital about the incident , they didn ’ t respond right away because the notification was viewed as a sales pitch . KWIC thought a second Malwarebytes notification was a Phishing attack Attack.Phishing . There are a number of unknowns connected to this incident , including the root cause , the number of people and businesses affected , and again - the length of time the data remained exposed to the public . Other questions focus on the PHP shell scripts and DDoS tools , why were they there ? KWIC was contacted immediately after Salted Hash was informed about the data breach Attack.Databreach . It took multiple attempts , as the company does n't have phone support after 8:00 p.m. on weekdays , 3:00 p.m. on Saturdays ( they 're closed Sunday ) , but KWIC eventually responded via email . Twenty-four hours after being notified , the company stated the Rsync issues were fixed , However , they have n't answered any of the other follow-up questions asked by Salted Hash . On Tuesday , via email , the company said an audit was underway and affected customers would be notified once it is complete