Radisson credit card breach a warning to businesses
It's already happened again. One week ago, ProPay warned readers of the benefits of end to end encryption in securing credit cards. Just yesterday, experts commenting on the Heartland hacker indictment told InternetNews.com that in the future, hackers would attack businesses who did not see IT security as their core competence.
Today, Radisson hotels is alerting some guests that their credit card information may have been stolen by hackers. "Between November 2008 and May 2009, the computer systems of some Radisson hotels in the U.S. and Canada were accessed without authorization," said Radisson's open letter to guests, published today.
"Radisson greatly values guest privacy and deeply regrets this incident occurred," said Fredrik Korallus, Radisson COO, in a statement. "Working with law enforcement and forensic investigators, we are conducting a thorough review of the potentially affected computer systems, and have implemented additional security measures designed to prevent a recurrence of such an attack and to protect guest privacy."
"We are also working closely with major credit card suppliers and law enforcement to ensure the incident is properly addressed," he added.
The company said it "arranged with Equifax Personal Solutions to provide eligible Radisson guests with free credit monitoring for one year if they stayed at certain Radisson properties between November 2008 and May 31, 2009. To be eligible for free credit monitoring, they must enroll by November 18, 2009. "
The incident should remind every business that they must have a strong security policy, according to David Ting, Imprivata CTO.
"This breach is just the latest in a string of high profile incidents where an enterprise's systems were inappropriately accessed. In order to decrease the likelihood of these incidents occurring, organizations need to make sure they have security policies in place, strong authentication to support those policies, solid employee education, and the ability to monitor employee access to the organization's proprietary or confidential information. In the end, as an enterprise, you better know who is accessing what, and from where," Ting said.
Because the investigation is ongoing, Radisson did not disclose details about how the attack happened.