More than 700 upscale hotel guests affected by credit card breach
|
Date Reported:
6/23/10
Organization:
Destination Hotels & Resorts
Contractor/Consultant/Branch:
The Driskill Hotel
Location:
Victims:
Hotel guests
Number Affected:
"more than 700"
Types of Data:
"credit card data"
Breach Description:
"Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today "
Reference URL:
KVUE.com
ABC News
Statesman.com
Report Credit:
Noelle Newton, KVUE News
Response:
From the online sources cited above:
The credit card numbers of dozens of recent guests at the downtown Driskill Hotel were stolen after thieves hacked into the accounting network for the hotel’s management company, officials said.
Austin police said they are still trying to determine the exact number of local victims, but that up to 700 people who stayed at about three dozen properties managed by Destination Hotels & Resorts nationally may have been affected.
Austin police are investigating the local thefts; agents for the U.S. Secret Service are investigating who accessed the accounting system for the company, based in Englewood, Colo.
“We are looking at losses in the hundreds of thousands, so it is pretty serious,” said Austin police Sgt. Matt Greer, who supervises the department’s financial crimes unit. “Usually, the losses are with the bank.”
[Evan] The banks will assume the immediate impact, but don't think that they won't pass the costs on to consumers. Everybody pays for shoddy information security. Over time it adds up.
Greer said hotel officials discovered and halted the breach this month and that they think most of the thefts happened in the past couple of months
He said that in some instances, authorities think the credit card numbers were sold in batches online, allowing them to be used at other merchants and businesses.
Greer says the majority of the charges registered to businesses in Europe.
Driskill vice president and managing director John Spomer said in a statement that the company has reviewed its credit card network and that “selective credit card data from some of our customers may have been illegally swept from our network by outside professionals and subsequently used by them.”
He said the company has put measures in place and that “to the extent that any customer data was stolen from our network, we believe that the potential for any future such activity related to this threat will now be stopped.”
[Evan] The vulnerability and exploit(s) used in this breach are only symptoms of deeper problems. I don't know any more about Destination Hotels & Resorts than what I have read, but I do know a thing or two about information security. I assume that we'll learn more about this breach in coming weeks and months.
Commentary:
I am interesting in knowing more about Destination Hotels & Resorts information security program. Do you think that there are some serious deficiencies? My experience leads me to believe that there are. Do you think the company was/is PCI compliant (not that PCI compliance = good information security)?
Past Breaches:
Unknown
Posted by Evan Francen at 6/25/2010 8:37 AM 
Categories: Destination Hotels and Resorts, Driskill Hotel, Hack
Categories: Destination Hotels and Resorts, Driskill Hotel, Hack
Posts Atom 1.0
Comments