Choice Hotels: Radisson guest info breached in MOVEit attacks


Choice Hotels International confirms guest data from its Radisson Hotels Americas chain has been compromised as part of the massive MOVEit file transfer system hack carried out by the Cl0p ransom gang.

Radisson Hotels Americas, which was acquired by Choice Hotels last August, has nearly 600 hotels operating and under development.

“Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas,” Choice Hotels confirmed to Cybernews Monday.


“While our investigation is still ongoing, we have identified a limited number of guest records that were accessed by these bad actors,” it said.

Image: Cl0p leak site

“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.

So far, the Russian-linked Cl0p gang has not posted any data it may have stolen from Radisson on its dark leak site.

As it does with all victims who refuse to negotiate, Cl0p accused the company of not caring about its customers' data and ignoring its security.

Image: Cl0p leak site

In an abundance of caution, Choice said it is in the process of notifying affected guests.

The international hotel group is the parent company of more than a dozen hotel chains ranging from higher-end hotels such as the Ascend Hotel Collection and Clarion Pointe to economy motels such as Rodeway Inn and Econo Lodge.


Choice has not revealed whether any of its other hotel brands have been impacted by the MOVEit hack at this time.

MOVEit victims continue to surface

Cl0p began to leak the names of victims affected by the MOVEit attacks back on June 14th. So far, there are at least 120 victims listed on the Cl0p leak site, with more expected in the coming weeks, if not months.

The MOVEit Transfer system, distributed by the American software company Progress, is used by thousands of companies globally to securely send and receive files.

Experts we’ve spoken to say that around 3,000 deployments of the MOVEit application were active when the vulnerability was first discovered.

Cl0p made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Fortra GoAnywhere file management system, affecting roughly 120 companies worldwide.

It is thought the number of MOVEit victims will be at least double that of the GoAnywhere hacks.

Siemens Energy, UCLA, and the NYC Department of Education are the latest to confirm they were hit in the attacks. Shell Global, hit in both attacks, was the first victim claimed by the ransom group in June.

Other big names impacted by MOVEit include PwC, Ernst & Young, Sony, and several US federal agencies, including the Department of Energy and Health.

The White House has recently issued a $10 million reward for any information leading to the arrest of a Cl0p member.

The gang commonly employs the “double-extortion” technique of stealing and encrypting victim data, refusing to restore access, and publishing exfiltrated data on its data leak site if the ransom is not paid.
