Wyndham Hotels hacked

A data breach last summer, at a hotel associated with Wyndham Hotels and Resorts hotel chain, has exposed guest names and credit card data. Wyndham franchises include the Ramada Inn, Days Inn, Super 8, Travelodge and Howard Johnson. The breach was the result of an attacker using a "centralised network connection" at one of the franchises, to access and download the information from 41 Wyndham properties. Wyndham discovered the breach in mid-September due to "unusual activity" in one of its servers that is used to siphon data to an "offsite URL."

Affected customers were advised of the breach just before Christmas. According to the hotel chain, 21,000 guest and cardholder names, account numbers and payment details were exposed. The breach was first made public in late December by the Open Security Foundations Data Loss database. The State Attorney General of Florida recently warned those affected by the breach to monitor their credit reports for any unusual or suspicious activity.

According to Wyndham, a full investigation has taken place that included law enforcement and took a total of eight weeks. In a February 2009 open letter to it's customers, Wyndham advised; "At this time, no criminal identity theft related to the use of the consumer data has been identified. Importantly, we believe that it is unlikely that identity theft will occur because of the limited amount of information that was compromised."

Increasingly attackers are focusing on large companies for access to client and card details in the thousands, or even millions. While individual attacks still occur, the focus seems to be on compromising large companies systems to get a large amount of data that can be used in larger, more profitable, attacks and scams.

See also:

• Over 100 million credit / debit cards compromised, a report from The H.
• $9 Million stolen in ATM Scam, a report from The H.

(crve)