Strawberry' IT systems were hit by a virus attack on the night of 2 December. The attack primarily affected the hotel systems that handle reservations, check-in, check-out and creation of new room keys.
Our investigations show no indications that data regarding individual guests have gone astray. If we should find out that your information is astray, we will get in touch with you.
Even if we have no reason to believe that your data has gone astray, our general recommendation is to always be aware of suspicious text messages, phone calls and emails. Make sure to use strong passwords and possibly two-factor authentication for your e-mail accounts.
It is important to emphasize that we do not have information indicating that credit card information in connection with booking or payment at our hotels (or via other booking channels) has been compromised in the virus attack. The computer attack has been reported to the police and notified to the Norwegian Data Protection Authority and the National Security Authority.
Please be assured that we are treating this situation very seriously. It is a fundamental principle at Strawberry that our guests should feel that their safety is paramount and that it’s safe to book hotel rooms on our website.
If you have further questions about the event, you can read our Q&A (questions and answers) at the bottom of this page.
Who is this information relevant for?
If you have been a guest at one or more of Strawberry's hotels, or because you are a member of the Strawberry.
What does this mean for you as a guest?
It is important to emphasize that we do not have information indicating that credit card information in connection with booking or payment at our hotels (or via other booking channels) has been compromised in the virus attack.
Similar virus attacks towards other corporations proves that in some cases, data that has been compromised in the virus attacks has been taken by the group performing the virus attack. Therefore, we cannot rule out that the information may be made available on the internet. Information that might have been compromised includes your name, phone number, email and information about the booking itself and your stay. If this information would be made public on the internet, you could potentially be the target of fraudulent practices. We ask you to stay conscious about suspicious text messages, phone calls and/or emails.
What security measures can you take yourself?
Always be aware of suspicious inquiries via text messages, phone calls and emails. It is recommended, as always, not to release information if you are not sure who the recipient is. If you use relatively simple passwords, and the same password in several places, we recommend that you change these to strong passwords that are not reused, and two-factor authentication for e-mail accounts where applicable, so as to prevent someone from potentially gaining access.
What do I do if I receive a suspicious text message, email or phone call?
On a general basis, you should be skeptical and ignore it. More information on how you can protect yourself against fraud can be found here: nettvett.no/veiledninger/svindel-pa-nett. If you want to report the case, you can read how to do it here:
- Norway: slettmeg.no/skjema-anmeldelse-datakriminalitet
- Sweden: etjanster.polisen.se/eanmalan/stold
- Denmark: politi.dk/hacking/anmeld-uberettiget-adgang
- Finland Finnish: asiointi.poliisi.fi/fi/yksityis/rikos
- Finland Swedish: asiointi.poliisi.fi/sv/yksityis/rikos
Can my Strawberry password go astray?
Based on the information we have right now, there is nothing that would indicate that passwords have been compromised.
On Friday 3 December, an SMS was sent by mistake to a group of members informing them that their password had been changed. The sending of the SMSs is not linked to the virus, and the error occurred as a result of a system restore that caused old messages to be resent. We are sure that these messages were not caused by the virus, and in reality no password has been changed unsolicited. On a general basis, we encourage you to change your password regularly, and not use the same passwords in multiple locations.
Is it safe to book on your website or in the app now?
It should now be safe to reserve rooms on our website and via the app. Strawberry is constantly working on measures to ensure that a similar attack does not happen again.
Can you say something more about the risk of identity theft and attempted fraud?
We can not determine with 100 percent certainty whether the data has only been accessed and further encrypted, or whether the data has been downloaded and could potentially go astray. Therefore, we can not rule out that there is a risk that this may happen.
If the virus has gained access to data that becomes available on the Internet, you could theoretically be exposed to attempted fraud or attempted misuse. We ask you to be aware of suspicious text messages, phone calls and emails. If you suspect online fraud or ID theft, you should report this to the police.
Can you guarantee that card information has not been leaked?
We follow PCI DSS (Payment Card Industry Data Security Standard) and generally do not process card information in our systems. So far we have no indication that credit card information has been compromised.
I have stayed at one of their hotels the last few days, and used my own device connected to the hotel's network. Is it possible that I got a virus on my device?
The guest network at our hotels is completely separate from the network to which the hotels' own computers are connected. Nothing indicates that private devices connected to the guest network were affected.
What are you doing to ensure that your systems are secure in the future?
We continuously make changes and upgrades in our IT Infrastructure and work with good advisers to ensure that we constantly close security gaps when we gain knowledge about these. This has always been a prioritized area for us and it will continue to be so.