Radisson Hotels & Resorts Wednesday afternoon notified its customers of a data-security breach that occurred between November 2008 and May 2009. "The forensic investigation is still under way, and we are unable to provide accurate estimates of the number of potentially exposed records at this time," a Radisson spokesperson writes in an e-mail to CardLine sister publication ATM&Debit News. Media reports that indicate 130 million customer records were compromised are false, the spokesperson writes. "The number of files at issue here is nothing close—a tiny fraction," the spokesperson adds. The breach occurred when hackers accessed the computer systems of an undisclosed number of Radisson properties in the United States and Canada. The accessed computer systems contained guest information such as the name printed on a credit or debit card, the account number and the expiration date, Radisson says in a statement. The hotel chain does not know whether a particular name, credit or debit card number, or expiration date was accessed or taken. The compromised computer systems did not include Social Security numbers. Radisson says it appears the attack came from an outside source and that it has no reason to believe it was an inside job. In light of the breach, Radisson is offering customers who stayed at its properties during the six-month period free credit monitoring for one year. Customers must enroll by Nov. 18 to be eligible.