Notice of Data Security Incident on 14th October 2021

Notice of Data Security Incident

On 14th October 2021, we were made aware of an alleged cyber-attack threatening the security of the Centara Hotels & Resorts network. Immediately after receiving the notification, we appointed a reputable, digital forensic consultant to deploy an investigation to identify and validate the compromised data.

After the extensive and thorough forensic evaluation required to establish the veracity and details of the claim, we can confirm that a breach impacting a limited section of our network has occurred, with the general personal data of some of our customers – understood to be mostly their names and booking information, and in minor cases their phone numbers and email addresses, or some other contact information and IDs – being accessed by an unlawful and unauthorised organisation. Whilst the breach has been successfully contained, the investigation into the source, root cause and complete extent of the incident remains ongoing and we will provide more information when it becomes available.

We treat personal data and privacy with the highest levels of importance and care, and as a precautionary measure, we are asking affected guests to change their passwords as soon as possible, and to remain aware of any suspicious or unsolicited calls and/or emails requesting personal information. We can confirm that we at Centara Hotels & Resorts will not be contacting you to ask for any personal identifiable information.

Should you have any specific enquiries, you can contact our team via the following channels:

Email: datasecurity@chr.co.th
Telephone: +66 (0) 2100 6268

Our customers’ safety and trust are something we value of the highest importance. We are dedicated to ensuring that personal data is always kept safe, and accessible only lawfully and with our guests’ consent where applicable. We regret that this has not happened in this instance, and we are taking every possible action to further improve our security measures and prevent such a malicious attack in the future.

We will provide an update as soon as we learn more.

Thirayuth Chirathivat
Chief Executive Officer
Centara Hotels & Resorts

FAQ

Was my data accessed in this breach?

Once we confirm your identity, we will cross check it against the breached data file we have consolidated. If your name appears, we will be able to share with you what data was accessed. If your name does not appear, we will be able to confirm that your data is secure.

What personal data of mine are you holding?

We can confirm that the breach included the information provided in response to Q1. If you require complete details of your personal data with Centara Hotels and Resorts, please email your request to infosecurity@chr.co.th.

Can you delete my personal data?

Yes, we can if those are your instructions. You can include this instruction in an email to us at infosecurity@chr.co.th.

Is there anything I should be doing?

It is unlikely that there will be any consequences as only partial information was obtained, however we would recommend that you be vigilant and should you receive any request from Centara or in its name, please confirm back with us before responding or taking any action.

How did this happen?

We are working with a reputable, digital forensic consultant to confirm how the breach occurred to a small number of our systems.

What is Company doing to prevent anything from happening again?

The suspected systems have been disabled to prevent any further unauthorized access. We have also implemented Endpoint Detection Response (EDR) Technology for enhanced endpoint protection, upgraded DDOS Protection to prevent high volume network attacks against our websites and Network Software Solutions to monitor for suspicious traffic activities. We are confident with these and other measures in place, the threat of further events is marginalized.

Will I receive compensation?

For this purpose, we ask that you send all details to our dedicated email infosecurity@chr.co.th and we will revert back to you.

What will happen if at some point in the future my data is used in an unlawful manner?

Centara will be very sensitive to this situation should it occur. We would ask that you immediately inform us and provide full details to our dedicated email infosecurity@chr.co.th and we will get back to you as quickly as we are able to.

Do I need to file a police report?

We would suggest yes, but only if you plan to replace any of your personal documents such as your passport/identity card.

Can I cancel my Centara The 1 and/or The 1 membership?

You can cancel CentaraThe1 membership which will have no impact on The1 membership. However, if you would like to cancel The1 membership, please inform The1 customer service center at 02 660 1000.

You can cancel CentaraThe1 membership by logging in to www.centarathe1.com or, www.centara1card.com then, click on “Edit profile”. At the bottom of the page, there is a “delete account” button. Once this button is clicked and confirmed, the account will be deleted. Please note that all CentaraThe1 points and privileges will also be deleted.

If you would like Centara to delete your information, we will do so and confirm back to you.

If I cancel my CentaraThe1 membership, will my benefits be cancelled?

Yes. Your membership data profile will be removed. This will include all member benefits attached in the profile such as member status, CentaraThe1 points, and CentaraThe1 member discount.

If I would like to cancel the CentaraThe1 for family members or others, could I request to do this?

You can request to cancel CentaraThe1 membership by sending the request in writing including a copy of national ID card with signature.

If I would like to update my CentaraThe1 membership information, how I can do this?

You can update profile by logging in at www.centaraThe1.com or www.centara1card.com. Click on “Edit profile”, you can modify your personal information such as address, phone number, marketing consent message.

If you would like Centara to update the information, please send your request in writing to Centara The 1 and Centara will confirm back to you once the update has been done.

If I would like to update my (CentaraThe1) password, how I can do this?

You can update your password at www.centaraThe1.com/forget. Or you can go to www.centarathe1.com, then click on “Sign In” at the top right. Afterwards, click on “Lost your password?”, the link will bring you to the page, where you need to enter your registered email. After entering registered email, a confirmation message will be displayed and reset password email will be sent to you.

If you cannot remember your registered email, please send a request to memberservices@centara1card.com

I am a The1 member but I do not recall enrolling to be a CentaraThe1 member?

When enrolling to become a The1 member, you become eligible for member benefits of both The1 and Centara The1, since The1 is a Central-group wide programme and Centara Hotels & Resorts is a part of Central Group. This is in line with the privacy policy (www.the1.co.th/privacy) and terms (www.the1.co.th/terms-and-conditions) of The1. Upon enrolment with The1, you should also have received a welcome email from Centara The1, and you can unsubscribe from communications from CentaraThe1 at any time.

Chiang Mai

Nakhon Si Thammarat

Phuket

Samui

Antalya

Hainan

Zhaoqing

Luang Prabang

Vientiane

Pakse

Doha

Visit Samui

Visit Doha

Visit Zhaoqing

Visit Pakse

Visit Phuket

Visit Chiang Mai

Visit Luang Prabang

Visit Vientiane

Visit Hainan

Visit Antalya

Visit Nakhon Si Thammarat