Omni Hotels & Resorts notifies guests of payment card breach
Update: It appears that more than 50,000 have been affected.
From the notice posted on Omni Hotels & Resorts web site today:
Message to Our Valued Customers:
Omni values the relationship we have with our guests and wants you to be aware of an incident that may involve your payment card. We recently became aware of a malware intrusion that affected some point of sale systems at certain Omni hotels. Promptly after discovering the issue, we immediately engaged leading IT investigation and security firms to determine the facts, and we have now contained the intrusion. Protecting the security of our customers’ personal information is a top priority for Omni. We value and respect the privacy of your information, and we sincerely apologize for any concern or inconvenience this may cause you.
1. What Happened and What Information Was Involved:
On May 30, 2016, we discovered we were the victim of malware attacks on our network affecting specific point of sale systems on-site at some Omni properties. The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date.
We have no indication that reservation or Select Guest membership systems were affected. Accordingly, if you did not physically present your payment card at a point of sale system at one of the affected Omni locations, we do not believe your payment card was affected. Additionally, there is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue. The attacks did not affect all of our hotels, and depending on the location, the malware may have operated between December 23, 2015 and June 14, 2016, although most of the systems were affected during a shorter timeframe.
2. What We Are Doing and What You Can Do:
Upon learning of the intrusion, we promptly engaged leading IT investigation and security firms approved by the major credit card companies to determine the facts and contain the intrusion. The issue has been resolved, and we have taken steps to further strengthen our systems. We have contacted law enforcement and are cooperating with its investigation.
Even if you used your payment card at one of the properties involved, it does not mean you will be affected by this issue. Out of an abundance of caution, you may want to review and monitor your payment card statements if you used a payment card at an Omni hotel during the above referenced dates. If you believe your payment card may have been affected, please contact your bank or card issuer immediately. We also are offering one year of free identity theft protection and repair to all affected guests to provide an added safeguard. Additional information about those services and other steps you can take to protect yourself is available in the Reference Guide copied below.
3. For More Information:
We sincerely apologize for any inconvenience or concern this incident may cause you. Our guests are our highest priority, and the privacy and protection of our guests’ information is a matter we take very seriously. If you have any further questions, please call 1-855-303-9809, Monday through Saturday, 8:00 am to 8:00 pm CST or go to omnihotels.allclearid.com.
Omni Hotels Management