Omni Hotels was hit by point-of-sale malware

The hotel chain was hit by malware designed to collect payment card information

omni hotelsresorts stckd blk

Omni Hotels & Resorts logo

Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information.

The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.

Omni -- in Dallas, Texas -- said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.

The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations. The malware may have been in operation between Dec. 23 last year and June 14 this year, although most of the systems were affected during a shorter timeframe, according to the hotel.

The hotel chain, which operates hotels and resorts in the U.S., Canada and Mexico, could not be immediately reached for comment over the weekend for further details.

Omni said after discovering the malware attack, it had immediately hired IT investigation and security firms and has now contained the intrusion. It did not specify why it had delayed to inform customers.

Hackers have been using information stolen in the breach to make fraudulent purchases since late February, Andrei Barysevich, director of cybercrime research at Flashpoint, which worked with payment card issuers and payment processors to investigate the hack, told The Wall Street Journal. One hacker who went by the moniker JokerStash sold more than 50,000 payment card numbers related to the breach, Barysevich told the WSJ.

Omni informed customers that even if they had used their cards at any of the affected properties of the hotel, they may not be affected by the issue. However, it advised users to exercise abundant caution and to review and monitor their card statements if they used a credit card at an Omni Hotel between Dec. 23 and June 14.

Over a dozen types of malware were found last year that target point-of-sale systems, as cybercriminals  redouble efforts to steal payment card information from retailers before new defenses are put in place, FireEye said in March.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.