In the latest string of reports of hotels being hit by data breaches and malware, this time it is Omni.
Omni Hotels & Resorts announced yesterday that they’d found malicious software installed via point-of-sale systems (such as those at restaurants and gift shops) at 49 of their 60 North American hotels.
Information that was stolen –
The hackers stole credit card numbers, cardholder names, expiry dates and security codes. Omni stated that they don’t have any reason to believe that any other information was stolen.
Omni’s notice says that if you didn’t physically hand over your card at a point-of-sale system, they do not think that your card was affected.
The dates that the malware may have operated are believed to be December 23, 2015 through June 14, 2016, with some locations having shorter periods.
Interestingly, Omni said they discovered the breach May 30 so maybe they didn’t realize the extent of the malware in time to shut it down before mid-June.
What can you do?
Omni is asking guests to review their credit card statements and contact their bank or card issuer if they spot anything out of the ordinary.
If your credit card was affected –
Omni is offering one year of free identity theft protection to all affected guests, via AllClear Identity Protection. You are encouraged to call them with any questions at 1-855-303-9809 Monday-Saturday between 8am and 8pm CST, and you can also go to omnihotels.allclearid.com.
Typically once we hear about a hotel chain data breach there isn’t much more said afterwards. In this case though, the Wall Street Journal reported some interesting facts.
According to WSJ, over 50,000 credit/debit card numbers related to the Omni breach have been sold online in criminal forums by a hacker calling himself JokerStash.
The director of cybercrime research at Flashpoint believes that the same methods the criminals used in this attack on Omni were also used in the malware breaches that Starwood, Hilton, and Hyatt experienced.
He thinks that JokerStash works with a team of hackers that have developed their own sophisticated malware. I wouldn’t be surprised if the team was involved in all of the recent hotel malware breaches. This is bad news for customers and hotels, and this surely won’t be the last report of hotel point-of-sale credit card data hacking. The upside is that now that the authorities are aware of the possible connection they can take steps to safeguard their systems.
Were you affected by the Omni Hotels data breach? Have you had your credit card details stolen before?