Choice Hotels International confirms guest data from its Radisson Hotels Americas chain has been compromised as part of the massive MOVEit file transfer system hack carried out by the Cl0p ransom gang.
Radisson Hotels Americas, which was acquired by Choice Hotels last August, has nearly 600 hotels operating and under development.
“Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas,” Choice Hotels confirmed to Cybernews Monday.
“While our investigation is still ongoing, we have identified a limited number of guest records that were accessed by these bad actors,” it said.
“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.
So far, the Russian-linked Cl0p gang has not posted any data it may have stolen from Radisson on its dark leak site.
As it does with all victims who refuse to negotiate, Cl0p accused the company of not caring about its customers data and ignoring its security.
In an abundance of caution, Choice said it is in the process of notifying affected guests.
The international hotel group is the parent company of more than a dozen hotel chains ranging from higher-end hotels such as the Ascend Hotel Collection and Clarion Pointe to economy motels such as Rodeway Inn and Econo Lodge.
Choice has not revealed if any other of its hotel brands have been impacted by the MOVEit hack at this time.
MOVEit victims continue to surface
Cl0p began to leak the names of victims affected by the MOVEit attacks back on June 14th. So far, there are at least 120 victims listed on the Cl0p leak site, with more expected in the coming weeks, if not months.
The Moveit Transfer system – distributed by the American software company Progress – is used by thousands of companies globally to securely send and receive files.
Experts we’ve spoken to say that around 3,000 deployments of the MOVEit application were active when the vulnerability was first discovered.
Cl0p made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Go Fortra Anywhere file management system affecting roughly 120 companies worldwide.
It is thought the number of MOVEit victims will be at least double that of the Go Anywhere hacks.
Siemens Energy, UCLA, and the NYC Department of Education are the latest to confirm they were hit in the attacks. Shell Global, hit in both attacks, was the first victim claimed by the ransom group in June.
The White House has recently issues a $10 million reward for any information leading to a Cl0p member arrest.
The gang commonly employs the “double-extortion” technique of stealing and encrypting victim data, refusing to restore access, and publishing exfiltrated data into its data leak site if the ransom is not paid.
More from Cybernews:
Subscribe to our newsletter