Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

“… remote attackers installed a malicious program into the card processing system of Englewood, Colo.-based hotel chain Destination Hotels & Resorts. Guests at 21 Destination properties may have been subjected to credit card theft…”

“..the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data…”

Cybercriminals last year targeted hotels more than any other industry for credit card theft, according to a recent report by data security company Trustwave. Hotels are being targeted because they have large amounts of credit card data and frequently neglect to implement the most basic security precautions, such as changing default passwords or ensuring programs are up to date, said Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs.

As a result, attackers commonly gain entry into a hotel’s network by exploiting default passwords on point-of-sale (POS) applications, added Dave Ostertag, manager of investigative response at Verizon Business. From there, customized malware is loaded onto the hotel’s transaction server that steals credit card information as a transaction occurs.

In March, the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data.

For more:  http://www.scmagazineus.com/rampant-hotel-data-theft/article/174579/

(Visited 141 times, 1 visits today)

Comments Off on Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

Filed under Insurance, Liability, Privacy, Risk Management, Theft

Comments are closed.