[BreachExchange] Dallas-based Omni Hotels announces data breach of 50, 000 credit, debit cards

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 12 20:23:00 EDT 2016


http://www.dallasnews.com/business/restaurants-hotels/20160712-dallas-based-omni-hotels-announces-data-breach-of-50000-credit-debit-cards.ece

Dallas-based Omni Hotels & Resorts says it was the victim of a malware
attack and data breach that impacted more than 50,000 customer credit and
debit cards at 49 of the chain's 60 locations.

The data breach was detected on May 30, the company said.  The company said
it did not notify consumers until it had worked with an IT security company
to fix the problem.

Several forms of personal payment information were taken during the malware
attack, including credit and debit card numbers, cardholder names, security
codes and expiration dates. Debit card PINs and customer contact
information was not revealed during the breach.

The company has not said which of its North American locations was
affected. There is no evidence the breach impacted the company's online
reservation system, which means only customers  who used their cards at the
register would be affected by the hack.

Omni said the malware may have been in operation between Dec. 23, 2015 and
June 14, 2016, but most of the systems were affected for a shorter time.
It did not elaborate on how the breach was discovered or how the hackers
gained entry.

Here's part of the company's statement:

"Upon learning of the intrusion, we promptly engaged leading IT
investigation and security firms approved by the major credit card
companies to determine the facts and contain the intrusion. The issue has
been resolved, and we have taken steps to further strengthen our systems.
We have contacted law enforcement and are cooperating with its
investigation.

Even if you used your payment card at one of the properties involved, it
does not mean you will be affected by this issue. Out of an abundance of
caution, you may want to review and monitor your payment card statements if
you used a payment card at an Omni hotel during the above referenced dates.
If you believe your payment card may have been affected, please contact
your bank or card issuer immediately. We also are offering one year of free
identity theft protection and repair to all affected guests to provide an
added safeguard."

Similar attacks struck Hyatt Hotels, Starwood Hotels & Resorts and Hilton
within the past year. Large retailers, including Target, also have been hit.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160712/2a6d97ba/attachment.html>


More information about the BreachExchange mailing list