26 November 2014

Card data exposed as Radisson Hotels becomes latest breach victim

19 August 2009  |  8267 views  |  1 anonymous figure in front of stock exchange

In the latest data breach to hit the headlines, Radisson Hotels & Resorts says its computer systems have been illegally accessed, putting customer card details at risk.

In an open letter on its Web site, the chain says some of its hotels in the US and Canada are affected by the breach, which happened between November 2008 and May.

Names on credit and debit cards, as well as numbers and expiration dates are exposed but not social security numbers. Radisson says it does not know how many people have had their data exposed.

"We recommend that you review your account statements and credit reports closely. To the extent there is any suspected unauthorized card activity, it should be reported to the bank that issued your credit card," says the letter.

The firm says it was made aware of the breach by Visa, MasterCard and payment processors and is now working with law enforcement and forensic investigators.

A review of the affected computer systems is underway and additional security measures designed to prevent a recurrence of such an attack have been implemented.

Earlier this week prosecutors charged a Miami man with hacking into the computer networks of several firms - including Heartland Payment Systems, 7-Eleven and Hannaford Brothers - and stealing the details of 130 million credit and debit cards.
KeywordsCARD FRAUD

Comments: (1)

A Finextra member | 20 August, 2009, 14:55

Over the past ten days, a string of card data thefts have been made public. Radisson Hotels & Resorts is the latest to announce that its computer systems have been illegally accessed, putting customer card details at risk. This follows the news that US authorities have charged 11 people in connection with the theft of credit card details in the country's largest-ever identity theft case. They are accused of stealing more than 40 million credit and debit card numbers before selling the information.

As fraudsters become ever more sophisticated and bold in their bid to steal credit and debit card data, financial institutions, merchants and industry players need to be confident that they have sufficient security measures in place to protect customers from fraud, even if their card details are compromised. Visa and MasterCard have been putting measures in place over the past few years to ensure that this is the case. VISA's Dynamic passcode authentication (DPA), like MasterCard's Chip Authentication Protocol (CAP), enables EMV IC cards (smart cards) to provide security in Internet transactions where the card cannot be presented to the merchant or bank. While this approach has been widely implemented for online banking, particularly in the UK, it now needs to be extended to e-commerce too. In fact, Visa has mandated that by June 2010, all Visa cardholders will need to use dynamic password strong authentication for all types of online transactions.

While security breaches and data theft instances are likely to occur regardless of how hard financial institutions and merchants try to protect their data and systems, the widespread roll-out of dynamic passcode authentication solutions in the form of personal Home Chip and PIN card readers for all online transactions will render such stolen data useless.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related stories

19 August, 2009
18 August, 2009
04 August, 2009
27 July, 2009
26 May, 2009
15 April, 2009
21 January, 2009
15 January, 2009

Featured job

Basic 1-1.3 million SEK - OTE 2.5 million SEK - NO...
Stockholm (possibly Oslo or Copenhagen)

Find your next job