14 DAY TRIAL // Millennium Hotels & Resorts (MHR) and Noble House Hotels and Resorts (NHHR) have both announced investigations into suspected data breaches at their properties following notifications received from the US Secret Service.
Both announcements revealed the attackers compromised the point of sale (PoS) systems used at hotel properties, like stores, bars, restaurants, but not for room reservations.
Millennium Hotels & Resorts North America
The first to announce a breach was Millennium Hotels & Resorts, who revealed that customers that stayed at its properties between early March 2016 and mid-June 2016, might have had their payment card stolen.
The company said the incident affected all its 14 hotel properties in the US, and that its (yet unnamed) payment processor has confirmed the payment card data breach after the initial US Secret Service tip.
MHR did not confirm that the card breach occurred because of malware installed on its PoS systems, a common cause of such incidents.
Noble House Hotels and Resorts
Also yesterday, NHHR also admitted to suffering a breach that allowed crooks to steal payment card Track 1 and Track 2 information. NHHR said it was tipped off by the US Secret Service as well, but couldn't tell at the time of the announcement if malware was involved.
The hotel chain said the PoS systems at its properties were compromised between April 26, 2016, and June 8, 2016.
The only affected property is Ocean Key Resort & Spa. NHHR said it managed to track down the infected systems to on-site establishments such as Hot Tin Roof Restaurant, Sunset Pier bar, and LIQUID Pool Bar.
Possible MICROS connection?
Both hotels said they'll be providing identity fraud protection, as US law demands from businesses in case they've put their clients in danger.
The announcements come two weeks after Oracle admitted to a security breach at MICROS, a company it bought in 2014 that provides PoS hardware and software for businesses all over the globe. Softpedia has reached out to both companies to inquire about the usage of MICROS systems at their locations.
In the last three months, other hotel chains suffered similar card breaches. These are the HEI Hotels & Resorts (mid-August), Omni Hotels & Resorts (mid-July), and the Hard Rock Hotel & Casino in Las Vegas (late June).