Wyndham Hotels & Resorts Shaken by Data Breach
Wyndham Hotels & Resorts (WHR) issued an open letter to its customers in February informing guests that certain Wyndham brand-franchised and managed hotel computer systems had been compromised by a hacker, resulting in the unauthorized acquisition of customer names and credit card information. According to the letter, the hacker was able to infiltrate central network connections to move information to an off-site URL before the hotel company discovered the intrusion in late January 2010. The breach is believed to have occurred between late October 2009 and January 2010. The incident did not affect other branded hotels in the Wyndham Hotel Group system.
In addition to ensuring that the hack was immediately terminated and disabled, Wyndham has retained a qualified investigator to assess the problem and to implement changes to strengthen and improve the security of the connections with each of their WHR branded properties. Additionally, the impacted properties are being separately investigated by a qualified PCI investigative firm to assess and improve the security at each hotel property in the system.
The letter notes that guest and/or cardholder names and card numbers, expiration dates and other data from the card's magnetic stripe have been exposed, but they believe that identity theft is unlikely to occur due to the limited amount of information that was compromised. Birthdates, SSNs, addresses or other personally identifying information were not kept by the hotels and said to not be a part of the compromise.
Wyndham
notified the Secret Service, as well as the payment card companies, and has transferred all the potentially compromised card numbers to the payment card companies to enable them to be alert to unusual activity.Wyndham needs to complete its initial investigation and ensure that law enforcement authorities are aware of the incident. The full investigation is expected to take more than eight weeks, and it is not until it is concluded that they will understand the full extent of the information that may have been accessed. This is expected to occur by the end of March.
Wyndham guests are urged to review their account statements and credit reports closely. Guests have the ability to have a fraud alert placed on their credit file at no charge. This alert lets creditors know of possible fraudulent activity within the report and requests that the creditor contact guests prior to establishing any accounts in their name.
Wyndham has also created a dedicated site to answer guest questions.