Short-term accommodation provider Sonder Holdings on Wednesday confirmed some of its systems, including “certain” guest records that may include driver’s licenses and passports, were exposed in a data breach.
Data accessed during the breach included guest records created prior to Oct. 1, 2021, some of which involved Sonder account holders’ usernames, passwords, full names, phone numbers, home addresses, email addresses and dates of birth. Some data also may have included guest receipts with the last four digits of credit card numbers, transaction totals and booking dates at Sonder properties, according to the company.
Some forms of identification, including driver’s licenses and passports may have been accessed for a “limited number of guest records,” according to the company.
Sonder first discovered the breach Nov. 14, when it said it “took steps to contain the event, including making sure that the unauthorized individual no longer had access to Sonder systems, verifying that operations were not affected, and investigating the scope and impact of the incident.”
Sonder said its “business remains fully operational and the investigation into this incident remains ongoing,” in the release.
Sonder established a dedicated landing page and email address for guests concerning the incident.
The lodging industry has proven a juicy target for data hackers, with InterContinental Hotels Group and Marriott International previously reporting breaches in 2022, with several other hotel companies reporting similar incidents in prior years.