Dear Customer,
We are writing to inform you that the security and protection of your personal data are our top priority. Unfortunately, we regret to notify you that on 23 May 2025, a data breach occurred involving your personal data stored on the Expedia portal page, which you used to book our services.

We wish to provide you with all the relevant information and explain the actions we have taken.

What happened?
On the afternoon of Friday, 23 May 2025, between 16:00 and 17:00 (CET), our property received a phone call from a number that appeared to be linked to Expedia. The caller indicated that it was necessary to resolve matters concerning specific bookings that were, in fact, recorded in our system. During the conversation, the caller requested the communication of a verification code received by email.
The code was sent from what appeared to be a legitimate Expedia email address, and that code was relayed over the phone.
Subsequently, our staff identified a message sent to a guest via the Expedia portal page, which had not been generated by the hotel. This raised immediate concern, prompting our security team to investigate further. It was then discovered that an unauthorized access had occurred to the Grand Hotel Portovenere’s account on the Expedia portal page.

What data was involved?
The personal data involved in the breach includes the following:
•    Full name 
•    Phone number
•    Occasionally, credit card number
•    Booking details

What are the risks to your data?
If your data was collected, there may be risks related to the unauthorized use of your information. We recommend that you carefully monitor any suspicious communication or unusual activity in your online accounts.

What are we doing?
We have already taken all necessary measures to mitigate the risk to your data and prevent further damage:
•    We have immediately changed the access credentials to the portal page;
•    We have reported the incident to Expedia, requesting their immediate action;
•    We have enhanced our security systems with continuous monitoring of access and activity on the portal page;
•    We have reported the incident to the relevant authorities.

What can you do?
We advise you to be vigilant for potential fraudulent attempts made in our name or Expedia’s name, involving payment requests for services provided by the hotel. We also recommend that you carefully check and monitor any requests related to your credit card and bank account statements.

Contact
If you have any questions or require further clarification, you may contact us at +39 0187777751 , email us at privacy@portoveneregrand.com, or reach our Data Protection Officer (DPO) at avvraffaellanerini@pec.giuffre.it.

We remain at your disposal to provide you with all the necessary support.
We sincerely apologize for the inconvenience and appreciate your understanding.

Yours faithfully,
Frontemare S.r.l.