On January 11, 2016, we detected unusual user activity with a small number of accounts, including yours, which we believe resulted from an unauthorized user accessing the accounts using customers’ usernames and passwords. The accessed data could have included name, address, email address, hotel booking history, loyalty points, and the last four digits of stored credit cards — but only if a user selected the option to save credit card numbers.

We are not aware of any evidence that your information has been stolen or misused. No bank account or full credit card information was included in this data. If you’re a member of our loyalty program, your rewards account was not compromised.

We are taking steps to ensure the continued security of your data, including resetting all compromised passwords. When you attempt to log into your account, you will receive a message that provides you instructions to change your password.

The following are tips on how better to protect your account:

• To reset your password, click the “forgotten your password” link and follow the instructions on the screen.
• Because an unauthorized user accessed your account using your username and password, we recommend that you create an entirely different password and one that is not shared with any other online service. Strong passwords are at least eight characters long, contain upper and lowercase letters, plus numbers and symbols.
• Verify your account details are correct by validating your email address and other account information. If you notice anything unusual with your account details, please contact us.

The security of our customers and their account information is one of our highest priorities and we apologize for any inconvenience this issue may cause you. If you have questions, please feel free to contact Hotels.com at 800-246-8357. Please note that our Customer Service agents will not be able to assist you with changing your password — only you can change your password online.

Sincerely,
Hotels.com Customer Support