DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Wyndham Hotels and Resorts hacked again

Posted on August 28, 2009 by Dissent

Wyndham Hotels and Resorts (“WHR”) reports that it suffered a second hacking-related breach that it learned of while still dealing with a 2008 breach (see previous coverage). In a letter [pdf] dated August 21 to the New Hampshire Attorney General’s Office, Wyndham indicates that 201 residents of New Hampshire were affected by the latest incident:

During the on-going remediation process of the 2008 incident, in mid-May, 2009, WHR received notice of potential fraudulent use of credit cards in which one of its properties was identified as the Common Point of Purchase. As with the first incident, WHR retained a Qualified Investigative Response Assessor to conduct a thorough investigation, which is virtually complete at this time.

In August, WHR sent notifications to those affected. In their letter, they write:

This incident was identified when Wyndham received information that certain fraudulent credit card transactions were possibly traced back to one of our hotels. Upon learning of this possibility, Wyndham promptly retained an external examiner to conduct a thorough forensic investigation. The Wyndham investigation, which is now substantially complete, confirmed that a sophisticated hacker penetrated our computer systems; thereafter, the hacker was able to access the customer transaction files at a number of Wyndham hotels and create a unique file containing credit card numbers of certain hotel guests. In addition, the hacker was able to download transactional information that was captured by the memories of servers at certain hotels on a real-time basis for transactions that occurred between March 29, 2009 and May 10, 2009.

As a result of the investigation, Wyndham has determined that your credit or debit card number, expiration date and possibly your name were accessed. Further, magnetic stripe information from your credit card may have been accessed, depending upon whether the hotel swiped your card for a transaction or manually entered your credit card number, although, due to the sophisticated nature of the hack, we have not been able to determine precisely what magnetic stripe information, if any, was accessed. The hotel’s computer system did not store your Social Security Number, so fortunately the hacker did not access such information.

Related Posts:

  • (update 2) Only Wyndham-branded hotels involved in…
  • Wyndham continues to identify and notify hotel…
  • Wyndham hotels hacked again
  • Floridians warned about ID data breach at Wyndham Hotels
  • Wyndham Vacation Resorts reports an insider breach

Post navigation

← Hackers access American Barcode and RFID’s customer info
Old personnel files with medical records found in dumpster →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Founder and Majority Owner of Cryptocurrency Exchange Pleads Guilty to Unlicensed Money Transmitting
  • Hackers hit Erris water in stance over Israel
  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net