More than 150 people affected by Doherty Hotel breach
|
Date Reported:
8/13/10
Organization:
Doherty Hotel & Convention Center
Contractor/Consultant/Branch:
None
Location:
Victims:
Customers
Number Affected:
"more than 150"
Types of Data:
Credit and/or debit card information
Breach Description:
"CLARE – More than 150 credit card holders who frequented a local business that had its database accessed have seen fraudulent charges appear on their cards in a case that is being investigated by the U.S. Secret Service, according to authorities."
Reference URL:
The Clare Sentinel
Report Credit:
Cindy Cranmer, The Clare Sentinel
Response:
From the online source cited above:
CLARE – More than 150 credit card holders who frequented a local business that had its database accessed have seen fraudulent charges appear on their cards in a case that is being investigated by the U.S. Secret Service, according to authorities.
[Evan] The investigation appears to be far from completion. Investigators are not sure if this breach resulted from an insider (employee) or someone gaining unauthorized access through networked means (wireless, internet, etc.).
It was determined in the ongoing investigation that the “location that was compromised” was the Doherty Hotel & Convention Center in Clare, according to Douglas Zloto, resident agent in charge for the United States Secret Service.
“The Doherty Hotel has been very cooperative,” Zloto said.
He said it was determined cards that were used at the restaurant of the Doherty Hotel were targeted by the person who is fraudulently charging them.
“We’re in the process of determining the exact point of compromise,” he said.
This means that the investigation will show whether an employee accessed the data or someone was able to get around firewalls from outside the company to retrieve the card numbers.
[Evan] Do you really think that this hotel has more than one firewall? Actually, I would not be entirely surprised if the hotel had no firewall.
Zloto said the hotel has put additional protections in place so an outside hacker would not be able to retrieve information again.
[Evan] Seems like a bold statement when the investigators aren't sure how the breach happened.
“There is no other way for the system to be compromised if it was an outside hacker.”
[Evan] Uh, wrong. No offense, but statements like this usually come from someone who has limited knowledge of information security.
“If it was an inside person, it would be incredibly brazen to continue knowing the intensity of the investigation,” Zloto said. “The compromises taking place were not necessarily an employee though.
The first fraudulent charges appeared on an individual’s credit card in May 2010
Since then more than 150 other individuals have had charges appear on their credit cards.
Clare City Manager Ken Hibl said credit card fraud is a reality of today’s society. “Unfortunately, we’re all faced with that today,” he said.
[Evan] There is some truth to this, but it certainly should not lead to complacency.
A large number of the credit cards did have international purchases charged to the cards.
The average of total charges put on the credit cards are between $2,000 and $3,000.
Zloto said the purchases are being charged in multiple sales throughout the day until they reach the larger amount.
“Credit card companies are not going to hold an individual responsible for the charges,” Zloto said. “Debit cards may take longer to get the money replaced. That money is physically missing from your account.”
Zloto said area residents can contact their local police agency or the Saginaw office of the Secret Service at if their credit card has been used fraudulently or they have information on the case.
Commentary:
What I find most interesting in this case is the number of quotes from a Secret Service agent. We don't see many Secret Service agents speaking to the media in the middle of an investigation.
Past Breaches:
Unknown
Posted by Evan Francen at 8/15/2010 9:51 PM 
Categories: Doherty Hotel and Convention Center, Intrusion
Categories: Doherty Hotel and Convention Center, Intrusion
Posts Atom 1.0
Comments