Hotel operator warns of data breach
Attacks on point of sale systems at several upscale hotel and resort properties may have exposed card data on 3,400 customers
Computerworld - HEI Hospitality, owner and operator of upscale hotels operating under the Marriott, Sheraton, Westin and other monikers, has sent letters informing some 3,400 customers that their credit card data may have been compromised.
The warning stems from an intrusion into point of sale systems at several HEI properties earlier this year, which could have allowed card holder data being to be illegally accessed, the company said in the letter.
The intrusion could have exposed to hackers a variety of information, including credit card types, credit card numbers, expiration dates and security codes stored in the magnetic stripe on the back of each card.
The intrusions occurred between March and April, and the company sent out notification letters in August. The breach appears to have stayed largely under the media radar until it was reported this week by Databreaches.net.
A HEI spokesman today said that though the company has notified 3,400 customers, there is no indication so far that the credit card data has been misused.
A copy of the HEI letter posted on the Web site of New Hampshire's Attorney General indicates that properties in several states were impacted by the breach. Those include the Algonquin Hotel in Manhattan, five Marriott hotels and five properties in the Starwood chain operating under as Sheraton, Westin and other brands.
In each case, hackers may have accessed the payment card data between March 25 and April 17 via the compromised point of sale systems. The hackers also compromised the property management system at the Algonquin Hotel, according to the letter signed by Troy Waterman, HEI's senior vice president of finance.
HEI is offering affected customers a year's worth of credit monitoring services for free.
Attacks against point of sale systems have been an area of growing concern for the Payment Card Industry Security Standards Council, the body that administers the payment industry's PCI security rules.
The council earlier this year released new security requirements that all vendors of payment card devices are required to implement in the near-term. The requirements are designed to bolster security on retail point-of-sale card readers and include one that would enable the secure reading and encryption of sensitive cardholder data at the point where a credit or debit card is swiped.
Robert McMillan of the IDG News Service contributed to this story.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts