Red Roof, the hotel company, faced a cybersecurity incident in September that temporarily disrupted its systems. Contrary to concerns, guest data remained unaffected during the incident.
The company detected “suspicious activity” on September 23, which was later identified as ransomware based on factors such as the encryption of a limited subset of Red Roof data, according to a company release.
Taking prompt action, Red Roof reported the situation to federal law enforcement, swiftly securing its systems by taking affected systems offline and resetting passwords. The breach was contained to a “small number of systems” compared to the overall infrastructure, the company confirmed.
Investigations revealed that a hacker gained access to a limited number of Red Roof systems before deploying ransomware. Subsequently, personal data, including sensitive information like names, dates of birth, and financial details, was copied from the network.
Red Roof assured that none of the stolen data has been misused for identity theft or fraud. In contrast to other incidents in the industry, such as those faced by MGM Resorts International and Caesars Entertainment, Red Roof has not reported any misuse of affected individuals’ information.
As a precautionary measure, Red Roof is providing free credit monitoring services to potentially impacted individuals for the next 24 months. In response to the incident, the company has also bolstered its information technology systems’ security, implementing software and hardware to prevent, detect, and respond to unauthorized activity. Additionally, measures like password resets and new network access policies have been adopted.
Given the vulnerability of hotels to cyber threats, cybersecurity experts recommend similar proactive measures for the industry to prevent future attacks.
More Stories
Pioneering 3D-Printed Hotel Under Construction in Texas
Travel Apps Under Scrutiny for Data Privacy Violations
Canada’s Competition Bureau Takes Legal Action Against Google