- Let us know within 48 hours of detecting the incident. The sooner we know about any issue, the sooner we can contain and monitor it.
- Let us know if you have contained the breach and if any further steps are being taken.
- As soon as you can, send us the following details about the incident:
- Attack vector (the steps taken by the attacker).
- Impact: this could be on reservations or elsewhere.
- The steps you have taken to make sure this type of incident doesn’t happen in the future.
- Whether you have contacted properties that were affected.
- Residual risk: how much risk you think there still is, once you’ve taken action to guard against future incidents.
Please keep in mind that if an incident is ongoing and we don’t receive the necessary details in time, we may have to block PII and PCI delivery through our connectivity channels as a containment measure.