Published 28.10.2024
Updated 29.10.2024

Visit Inari Oy (Hotel Inari, Holiday Village Inari, and Crow Creek Cabins) was unfortunately targeted by a data breach on October 21, 2024, at 7:14 PM.

We have received information that some of our customers have been sent messages via Booking.com’s chat system under the name of Visit Inari Oy.

The data breach occurred through a third-party system regardless of the two-face authorization system. Based on current knowledge, the breach has happened through phishing landing page appearing in Google search engine. We are investigating the exact causes in cooperation with authorities. Upon receiving this information on October 25, 2024, at 8:14 PM, we took immediate action to secure our customers’ data and to resolve this exceptional situation.

“We would like to emphasize that we never request payments through unofficial links or channels. We deeply apologize for the concern and potential inconvenience this may have caused.
We ask for your patience as we conduct a thorough investigation in collaboration with the police, the Data Protection Ombudsman’s office, and the Finnish Transport and Communications Agency’s Cybersecurity Center (Traficom).
If you have any questions or have received suspicious messages, please notify us immediately. We are committed to protecting our customer data and ensuring that all necessary measures are taken to prevent similar incidents in the future”, says Tommi Lappalainen, CEO of Visit Inari Oy.

The leaked data may include the following customer information of reservations made before 21.10.2024 7:14 PM for the period of 24.10.2024 – 30.12.2025:

• Customer name
• Phone number
• Email address
• Address
• Nationality
• Payment card type, expiration date, and last four digits
• Reservation costs
• Room number and type
• Arrival and departure dates
• Contact preference (e.g., email or phone)
• Travel agency, if the reservation was made through one, and possible reservation reference

If you suspect you have received a suspicious message instructing you to follow links for payment, we kindly ask that you do not open the message or click any links in it. Instead, please inform us immediately if you receive any suspicious communications. Please notice that suspicious communication make appear also through phone, WhatsApp or email besides of Booking.com communication interface.

Visit Inari Oy has contacted the customers that are involved with data breach, and we have gathered a summary of the most frequently asked questions into our websites.

We deeply apologize for the inconvenience caused and we are here to help with any questions regarding the matter.

Tommi Lappalainen
CEO, Visit Inari Oy

tel. +358 40 179 6069
email: sales@visitinari.fi