The Radisson Hotel Group has experienced a data breach impacting members of the firm’s loyalty and rewards scheme.
The chain accounts for over 1,400 hotels in over 70 countries and includes the Park Plaza brand, Country Inn & Suites, Park Inn, and Radisson Collection.
Commenting on the cause of the data breach, and how Radisson Hotel Group can prevent them going forward, is Paul Walker, Technical Director at One Identity.
Paul Walker, Technical Director at One Identity:
“The hotel chain’s advisory suggests that potentially employee accounts, which had permission to access this data, were at fault and fraudulently accessed by an attacker.
An obvious response to this would be PAM. Employee accounts that have privileged access to systems containing sensitive information should be controlled. Controls come in many forms, such as effective password polices enriched with two factor authentication. Higher levels of controls would involve recording the access to such systems with realtime analytical digital footprinting to compare the user’s behaviour to previous access attempts. There’s no excuse for not failing to implement controls on key systems like this.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.