The California based hotel company, Evans Hotels, has become a recent victim of compromised payment card data.
Evans Hotels- which operates the Bahia Resort Hotel, Catamaran Resort Hotel & Spa, and The Lodge at Torrey Pines- admitted to having used back-up card readers that do not encrypt credit card data when swiped. To add accident to injury, they later discover that malware had been installed on the front desk computers of all properties.
The number of victims affected by this POS breach is currently uncertain, but Evans Hotel has determined that cards swiped through the back-up readers between September 2014 and March 5 2015 may have had their credentials compromised.
The backup payment card readers have since been removed from all properties and the hotel chain is working with a computer security firm to implement additional security initiatives.
An announcement recently published on the Evans Hotel website stated, “We worked extensively to identify only those guests whose cards were swiped through the backup readers during this time frame, but we were not able to reliably make that distinction from our records. Because we were not able to specifically identify the small percentage of guests whose cards were swiped through the backup readers, if you used a card at one of our properties during this time frame, we recommend that you regularly review your account statement for any unauthorized activity”.
According to the Verizon 2014 Data Breach Investigations Report, industries most commonly affected by POS intrusions often include: Restaurants, hotels & grocery stores. It’s vitally important that hospitality organizations both large and small take the initiative to implement security solutions like File Integrity Monitoring and Change & Configuration Management within their IT environments to help protect their customer’s credentials & information from a possible breach.
See more on PCI DSS Compliance
Read the full release on the Evans Hotel Website
You can read the full article on SC Magazine here