14 DAY TRIAL // Rosen Hotels & Resorts Inc. (RH&R), a Florida-based US hotel chain, had some bad news for its customers during the past week after the company announced a malware infection that affected its credit card processing system for over 17 months.
As the hotel chain is explaining in a statement on its website (also embedded below), they were first alerted that something was wrong on February 3, 2016, when customers that stayed at the hotel reported unauthorized credit card transactions at their banks.
RH&R took the reports seriously and to make sure it was not at fault, hired a security company to search through its systems for any signs of problems.
Malware infection was first spotted in September 2014
The company did find malware, and now RH&R is saying that between September 2, 2014 and February 18, 2016, some of its computer systems that handle payment card transactions were affected by malware.
The malware was specifically designed to scrape computer memory for credit card information. RH&R says that the malware stole information about the cardholder's name, card number, expiration date, and internal verification code.
The hotel chain is not sure at this moment how many of its properties were affected by this infection, but has started notifying customers for which it believes the malware managed to steal their credit card data.
When are hotel chains going to strengthen their security measures?
"It’s troubling to see another malware attack be so successful— and even more troubling that it persisted over a prolonged period of time without being detected," said Kevin Watson, CEO at Florida-based Netsurion, a provider of remotely-managed security services for multi-location businesses.
"We counsel our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative target for cybercriminals. That hasn’t changed and isn’t likely to, as long as business owners continue to overlook security as a key part of their operations," Mr. Watson also told Softpedia.
"This latest news should serve as a reminder to anyone not taking measures to secure customer and business data. Sometimes, the best approach is to partner with a managed data and network security provider to take the burden off the business owner and ensure protection of their valued customers’ information," he also added.
Mr. Watson's recommendations are more than welcomed these days, and hotel owners should listen to his advice after in the past months quite a few hotel chains suffered card breaches.
The list includes a lot of big names in the tourism business: Hyatt Hotels, Trump Hotel Collection, Starwood Hotels, Hilton Hotels, InterContinental Hotel Group, Hard Rock Hotel & Casino, Marriott, Sheraton, and Mandarin Oriental Hotels.