An “information technology security incident” at Sonder Holdings has resulted in unauthorized access to one of the company’s systems that included certain guest records.
On Nov. 14, Sonder learned of unauthorized access to one of its systems that included certain guest records. The company took steps to contain the event, including making sure that the unauthorized individual no longer had access to Sonder systems, verifying that operations were not affected and investigating the scope and impact of the incident. The company also engaged security and forensic specialists to assist in its investigation and response to the incident.
Sonder believes that guest records created before Oct. 1, 2021, were involved in this incident. Some combination of the following guest information has been accessed:
- Sonder.com username and encrypted password
- Full name, phone number, date of birth, address, email address
- Certain guest transaction receipts, including the last 4 digits of credit card numbers and transaction amounts
- Dates booked for stays at a Sonder property
Additionally, Sonder believes that copies of government-issued identification such as driver’s licenses or passports may have been accessed for a limited number of guest records.
In a statement, the company said its business remains “fully operational” and the investigation into the incident remains ongoing. Sonder is notifying the appropriate regulatory bodies and has contacted law enforcement. Sonder also has launched a dedicated page for guests who have questions and will be notifying and making services available to guests whose information was involved, such as credit monitoring, identity protection or WebWatcher services, which includes monitoring of internet sites where personal information may be shared and generates an alert to the guest if evidence of their personal information is found.