As in a lot of these cases where personal financial data may or may not have been compromised, we have to wonder why it takes organizations so long to notify their customers.
On July 8, Dallas-based Omni Hotels & Resorts reported that some of its properties’ point-of-sales-systems were recently attacked by unauthorized malware.
The company, which has 60 hotels throughout the U.S., Canada, and Mexico, did not say which properties were affected or exactly which point-of-sales systems, but those systems could include on-property shops, restaurants, and the like.
The announcement was made a little over a month after the company initially learned of the attack on May 30. When asked why Omni waited more than a month to notify the public of the data breach, a company spokesperson said, “After discovering the malware attacks, our first step was to immediately engage leading IT investigation and security firms to determine the facts. We have since contained the intrusion.”
According to Omni, possible affected information includes guests’ names, credit and debit card numbers, card expiration dates, and card security codes. The company also said it does not believe any other personal customer information was involved, including data related to reservations or membership systems.
Omni advised guests who are concerned about the data breach to closely monitor their payment card statements, especially if they used a physical credit or debit card at an Omni hotel during the period of Dec. 23, 2015 to June 14. Guests who did not present a physical card at point of sale, Omni said, were most likely not affected by the malware attack.
The hotel has also set up a page on is site that provides additional information for guest, including information on how they can receive a year’s worth of free identity theft protection and repair.
In a release, the company said, “Omni values and respects the privacy of its guests and sincerely apologizes for any concern or inconvenience caused by this malicious attack.”
Omni isn’t the only hotel company that’s had to deal with a data breach this year. Trump Hotels and the Hard Rock Hotel Las Vegas have both suffered from two data breaches within the past year. Last fall, Hilton Hotels launched an investigation into a data breach as well. In all of these cases, customer credit/debit card information may have been compromised.
Photo credit: The Omni Hotel Nashville. Omni Hotels & Resorts