Data accessed during the breach included guest records created prior to 1 October, 2021, some of which involved Sonder account holders’ usernames, passwords, full names, phone numbers, home addresses, email addresses and dates of birth.
Some data also may have included guest receipts with the last four digits of credit card numbers, transaction totals and booking dates at Sonder properties, according to the company.
Some forms of identification, including driver’s licenses and passports may have been accessed for a “limited number of guest records,” according to the company.
Sonder, which has properties in the UK and Ireland, first discovered the breach on 14 November, when it said it “took steps to contain the event, including making sure that the unauthorised individual no longer had access to Sonder systems, verifying that operations were not affected, and investigating the scope and impact of the incident”.
Sonder said in a statement that its “business remains fully operational and the investigation into this incident remains ongoing”.
Sonder established a dedicated landing page and email address for guests concerning the incident.
The incident follows a corporate restructure in June that saw the hospitality start-up cut 21 per cent of its corporate employees and seven per cent of its front-line staff. Similar data breaches have also recently been reported at InterContinental Hotels Group and Marriott International.
By Angelique Platas
