[BreachExchange] Turtle Bay Resort, Roberts Hawaii issue warnings after payment systems hacked

[Audrey McNeil]

http://khon2.com/2017/02/24/roberts-hawaii-urges-
customers-to-check-accounts-after-payment-system-hacked/

Roberts Hawaii and Turtle Bay Resort are urging their customers to watch
for fraudulent activity after their online payment systems were hacked.

Unauthorized charges should be reported promptly to the card issuer because
payment card rules generally provide that cardholders are not responsible
for unauthorized charges reported in a timely manner.

The phone number to call is usually on the back of the payment card.

Roberts Hawaii

Roberts Hawaii says an unauthorized person had gained access to the
company’s web server and surreptitiously installed code designed to copy
information entered during the checkout process, including order ID, name,
address, email address, phone number, payment card number, expiration date
and card security code.

Roberts Hawaii received reports from several customers of fraudulent
charges appearing on their payment cards shortly after they were used to
make a purchase on its website.

Orders placed between July 30, 2015, and Dec. 14, 2016, may have been
affected.

The code was removed and the affected payment collection pages shut down.

Roberts Hawaii says all payment collection pages on the compromised server
were replaced entirely with third-party online booking software and it is
taking steps to further strengthen the security of its website to help
prevent a similar incident from happening in the future.

Affected customers can get more information online here, or call its
dedicated call center at (877) 235-0796.

“Our customers’ confidence and trust are important to us, and we sincerely
apologize for any inconvenience or concern this may have caused. We are
working swiftly to address this situation and help prevent a future
recurrence,” said Wayne Fernandez, director of safety and security for
Roberts Hawaii.

Turtle Bay Resort

Benchmark, a global hospitality company that manages Turtle Bay Resort,
says it found an unauthorized file designed to capture payment card
information as it’s routed through its payment processing system.

Findings from a cybersecurity investigation show that the malware – which
searched for track data including cardholder name, payment card account
number, card expiration date, and verification code – was installed on
certain devices that process payment card transactions at certain Benchmark
managed properties, including Turtle Bay Resort.

Payment cards used at Turtle Bay Resort from Oct. 23 to Dec. 22, 2016, may
have been affected.

Benchmark says it “has taken measures to contain this incident and
eradicate the malware. We continue to work with the cyber security firm to
further strengthen our security measures including completing the
implementation of point to point encryption and installation of EMV readers
at our properties. We are also working with the payment card networks so
that the banks that issue payment cards can be made aware and initiate
heightened monitoring on the affected cards.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170302/9a8dbdb4/attachment.html>