A data breach was reported at a Brunswick, Maine, hotel and it may have exposed personal information for thousands of people. The Brunswick Hotel and Tavern management says malware was placed on their front desk computer sometime last November, which means anyone that has stayed there between then and when it was discovered may have had their information stolen.
Dan Flaherty, chief financial officer for Portland-based The Olympia Cos., said Wednesday that investigators of the breach believed the malware was installed through a scam phishing email made to look like a message from a guest.
“It was mistakenly opened up, and the malware is then designed to avoid detection from antivirus software,” Flaherty told The Forecaster.
He said the company estimated a total of 2,600 guest accounts possibly had been affected, but investigators were not able to confirm how many of those were actually compromised.
A copy of the customer letter was posted online Aug. 25 by the Vermont Office of the Attorney General. According to the letter, “it appears that one of the front desk computers at the hotel was infected with sophisticated malware designed to capture and permit remote access to payment card information while avoiding detection by anti-virus software” for a period of nearly eight months beginning Nov. 29. It was discovered and removed on July 21.
Olympia said in the letter that it has retained “a leading cybersecurity and investigations company” to investigate the malware infection and tighten the hotel’s computer security, reports the Portland Press Herald.