Orlando resort firm reports payment card network breachReprints
An Orlando, Florida-based resort firm has reported a cyber breach that may have affected its payment card network for almost a year and a half, including past the time it was first notified.
Rosen Hotels Resorts Inc. learned on Feb. 3 of unauthorized charges that occurred on payment cards after they had been used by guests during their stay, and the incidents may have affected cards used from Sept. 2, 2014, through Feb. 18 of this year, the company said Friday in a statement. Rosen maintains some 6,500 hotel rooms at its seven Orlando hotels.
Rosen said it immediately launched an investigation into reports of the unauthorized charts, and has hired a leading cyber security firm to examine its payment card processing system.
The company said findings from its investigation show that an unauthorized person installed malware in its payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems.
In some instances, said the company, the malware sought to gather the cardholder name, card number expiration date and internal verification code from the magnetic stripe on the card, while in other cases the data sought did not include the cardholder name. No other customer information was involved.
Rosen said it is working with payment card networks to identify the potentially affected cards so that the issuing banks can be made aware and initiate heighted monitoring of those accounts.
“Additional enhanced security measures have been implemented to help prevent this from happening again,” Frank Santos, Rosen's vice president and chief financial officer, said in the statement.
A company spokeswoman did not immediately have further comment.
Chicago-based Hyatt Hotel Corp. said in January it had completed its investigation of its own cyber breach last year.