Hospitality company Sonder has confirmed a data breach that has potentially compromised guest records.
According to a security update published on Wednesday, November 23, 2022, Sonder learned of unauthorized access to one of its systems on November 14.
“Sonder believes that guest records created prior to October 1, 2021, were involved in this incident,” the company wrote. It added that they have no evidence to indicate that accounts created after November 14, 2022, were involved.
“This suggests the company has improved their security since last October, that, or the attacker managed to access an old backup or copy of the data,” explained Mark Warren, product specialist at Osirium.
“Unauthorized access could apply to current staff, someone who left a while ago, a vendor, or an attacker,” Warren told Infosecurity.
The data potentially compromised in the breach reportedly include usernames and encrypted passwords, names, phone numbers, dates of birth, addresses and email addresses.