Malware on the payment network exposed credit card details.
Orlando-based Rosen Hotels and Resorts Inc. (RH&R) disclosed a data breach last week that impacted an unknown number of guest credit cards. The upscale hospitality provider says that the cards were compromised by malware on the payment network.
The hotel first learned of the problems after they started to receive unconfirmed reports on February 3 pertaining to patterns of unauthorized charges on cards shortly after they were used by guests during their stay. An investigation of the matter, which involved an outside security firm, discovered malware on the payment network.
The malware, RH&R explained, “searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems.”
“In some instances the malware identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the malware only found payment card data that did not include cardholder name. No other customer information was involved,” the statement added.
The breach could impact any card used at RH&R properties between September 2, 2014 and February 18, 2016. Where possible, the hotel will be contacting guests directly if their personal information was exposed along with the card data, but only if there is current contact information on file.
Everyone else is being encouraged to monitor their card statements, and report any suspicious transactions. RH&R is working with card brands and banks to identify the affected cards in order to increase monitoring.