Security Update

What happened?

On November 14, 2022, Sonder learned of unauthorized access to one of its systems that included certain guest records.

Sonder believes that guest records created prior to October 1, 2021 were involved in this incident. Some combination of the following guest information has been accessed:

  • Sonder.com username and encrypted password
  • Full name, phone number, date of birth, address, email address
  • Certain guest transaction receipts, including the last 4 digits of credit card numbers and transaction amounts
  • Dates booked for stays at a Sonder property

Additionally, Sonder believes that copies of government-issued identification such as driver’s licenses or passports may have been accessed for a limited number of guest records.

How did we respond?

Upon this discovery, the Company took swift action. The Company took steps to contain the event, including making sure that the unauthorized individual no longer had access to Sonder systems, verifying that operations were not affected, and investigating the scope and impact of the incident. The Company also engaged leading security and forensic specialists to assist in its investigation and response to the incident. 

Sonder is notifying the appropriate regulatory bodies and has contacted law enforcement.

What has been done to remedy the situation?

Sonder has taken the following steps to help guests monitor and protect their information:

  • Launched this dedicated page at blog.sonder.com for guests who have questions about this incident.
  • Sonder will be notifying and making services available to guests whose information was involved in this incident, such as credit monitoring, identity protection, or WebWatcher services, which includes monitoring of internet sites where personal information may be shared and generates an alert to the guest if evidence of their personal information is found.
  • Guests who believe their information may have been involved in this incident can email [email protected] or can call 1-855-504-2761 (U.S., Canada, Mexico) or +44 20 7570 0344 (Europe and all other regions) to access the provided services.

I don’t know if I have a Sonder account or if I was affected?

We will be notifying and making services available to guests whose information was involved in this incident. Guests who believe their information may have been involved in this incident can email [email protected] or can call 1-855-504-2761 (U.S., Canada, Mexico) or +44 20 7570 0344 (Europe and all other regions) to access the provided services.

My Sonder account was created after November 14, 2022 (or after the date you say you were first made aware). Does that mean I am not impacted?

We have no evidence to indicate that accounts created after November 14, 2022 were involved.

My Sonder account was created after October 1, 2021, does this mean I am not impacted?

Our investigation is still ongoing. We believe that guest records created prior to October 1, 2021 were involved in this incident. Additionally, we believe that copies of government-issued identification such as driver’s licenses or passports may have been accessed for a limited number of guest records. 

We will be notifying and making services available to guests whose information was involved in this incident.

How can I have my information removed from the Sonder systems or delete my Sonder account?

You can review, update, correct or delete the personal information in your Sonder account by contacting us at [email protected].

Was my payment information affected?

At this time, we have no evidence that full credit card information was accessed.

Where will you be posting updates?

You can find all updates of note posted within this FAQ.

How do I set up my credit monitoring, identity protection or WebWatcher services?

Please contact [email protected] or call 1-855-504-2761 (U.S., Canada, Mexico) or +44 20 7570 0344 (Europe and all other regions).

What other steps can I take to help secure my information?

Change your password on any other accounts where you use the same details as your affected Sonder.com account to log-in.

Set up multi factor authentication (MFA) or similar, if it is available, on any other accounts where you use the same details as your affected Sonder.com account to log-in.

Additionally, always be alert to the possibility of receiving phishing, impersonation or scam emails, text messages or phone calls. If you receive any communication which seems unusual or suspicious, verify it before taking any action or disclosing any information. Never click on links or attachments you cannot verify, and do not share any sensitive information such as banking or credit card details or passwords. If in doubt, contact the organization via the channels listed on their official website. 

Please note that Sonder will not notify you by telephone in relation to this incident. Notifications will be done via email or physical mail. If you receive any calls claiming to be from a Sonder representative and you are unsure of their veracity, hang up and call 1-855-504-2761 (U.S., Canada, Mexico) or +44 20 7570 0344 (Europe and all other regions).


Share this: