POS Data Breach Impacts 49 Omni Hotels Locations

Dallas-based Omni Hotels & Resorts has announced a malware attack and data breach that impacted more than 50,000 customer credit and debit cards at 49 of the chain's 60 locations. The malware may have operated between December 23, 2015 and June 14, 2016 and was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date. 

According to a company statement, the attack was discovered on May 30 and affected specific point of sale systems on-site and does not seem to have impacted the reservation or Select Guest membership systems. The company stressed that if guests did not physically present a payment card at a point of sale system at one of the affected Omni locations, the breach should not impact them. Additionally, there is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue.
After discovering the issue, Omni engaged leading IT investigation and security firms to determine the facts, and has now deemed to have contained the intrusion. The company shared that since the detection steps have been taken to further strengthen its systems.  

Cyber security company Tripwire notes that, “The bright spot in this breach appears to be that Omni Hotels detected the activity themselves. Many breaches in the past have been detected, not by the compromised business, but by third parties noticing fraudulent activity. Point-of-sale systems remain attractive targets for criminals. As long as they’re vulnerable and process credit card data, the status quo will remain. Security professionals at retailers should use this incident to drive a review of the controls on their own point of sale systems.”
This ad will auto-close in 10 seconds