14 DAY TRIAL // Cities Service received a notification from the InterContinental Hotel Group (IHG) it is part of, regarding a possible compromise of its payment processing systems at its Holiday Inn Express & Suites hotel in Sulphur, Louisiana.
IHG was alerted of the breach by the US Secret Service and suggested Cities Service initiate an investigation to check if a security incident had occurred.
Payment processing system compromised for almost four months
The company contracted the forensic services of Dell SecureWorks to determine evidence of malicious activity. Following the inquiry, it was established that a piece of malware had infected the payment system since October 13, 2014, until February 11, 2015.
The customer data exposed includes names, addresses, card numbers and expiration dates; no social security numbers have been leaked. According to the notification letter from Cities Service, a total of 613 individuals were affected by the incident, two of them being residents of the state of New Hampshire.
All of them have been provided a free subscription to three major bureau credit monitoring services for a period of one year.
The company states that it has no indication that the sensitive financial data has been misused in any way. However, although cybercriminals generally rush to capitalize on the information, sometimes they sit on it for a longer time, in order to not attract the attention of the authorities.
Company updates security products and employee procedures
Measures taken by Cities Service to stop the leak consisted in removing the compromised workstation from the network and applying a clean backup image of the operating system.
Apart from this, at the recommendation of Dell SecureWorks, the firewalls, security software as well as employee procedures will be updated.
It appears that the incident was caused by opening a malicious attachment in an email. The type of the malware has not been disclosed.