It is unclear how many transactions have been impacted, but The Houstonian Hotel, Club & Spa in Texas has already notified more than 10,000 customers that their payment card data was exposed in a roughly six-month-long attack on the hotel's payment processing systems.
How many victims? More than 10,000 customers have been notified.
What type of personal information? Payment card data.
What happened? The Houstonian Hotel's payment processing systems were compromised in a “malicious software attack” for roughly six months.
What was the response? The Houstonian Hotel fully replaced and overhauled its breached systems, further restricted access to all of its servers, and hired a data forensics firm to aid in enhancing digital security. Customers notified by email were offered a free year of credit monitoring services.
Details: The Houstonian Hotel was notified of the breach on June 10 by the U.S. Secret Service. The payment processing systems were infected with malware on Dec. 28, 2013, and the attack continued until June 20. The Houstonian Hotel filed a police report in July, about four weeks after it was notified of the incident.
Quote: “We didn't have absolute certainty that we had stopped everything,” Jason Love, information technology director with The Houstonian Hotel, said regarding the delay. “We wanted to make sure we had all the information before we engaged our members.”
Source: chron.com, Houston Chronicle, “Luxury hotel computer breach impacts thousands,” July 8, 2014.