Scope of Drury Hotels' security incident expands

Pittsburgh hotel exterior
The time frame of a security incident affecting guests at Drury Hotels has changed, affecting more guests the previously thought. Photo credit: Drury Hotels

Back in May, Drury Hotels notified certain guests of a security incident that occurred on the network of a third-party technology service provider that involved information related to transactions made through some third-party online booking websites. Despite the service provider's assurances that the incident only involved transactions sent through the service provider's network between Dec. 29, 2017, and March 13, 2019, the service provider has now informed Drury Hotels that transactions between Dec. 28, 2017, and June 2, 2019, are involved. 

The service provider is a company used by Drury Hotels and other hotel companies to collect reservations made by guests on third-party online booking websites and enter them into its system. In addition to the individuals that were previously notified, Drury Hotels is notifying those individuals who used third-party online booking websites to make a reservation for Drury Hotels on Dec. 28, 2017, or from March 14, 2019 through June 2, 2019, that their information may have been involved in this incident. Reservations that were made directly with Drury Hotels were not involved in this incident.

What Happened?

The information in the transaction records that were involved included name, address, payment card number, expiration date and the card's external verification code. Some transaction records also included email addresses. Specific details regarding the reservation itself were not involved. Only transaction records from some third-party online booking websites were involved. Only some, not all, of the transaction records from those third-party online booking sites were involved.

Virtual Event


Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.

The hotel company received a list of the specific transaction records that were involved. For the transaction records that contained a mailing address, Drury Hotels is mailing letters to those individuals. For transaction records without an address that contained an email address, Drury Hotels is sending email notifications to those individuals. If guests do not receive a notification letter or email, either their information was not involved in this incident or the list from the service provider did not contain their mailing address or email address.

Drury Hotels received confirmation from the service provider and the cybersecurity firm it engaged that it has undertaken measures to stop this incident and prevent something like this from happening again.

Suggested Articles

Englender, managing director at the FF&E and OS&E procurement firm, talked about how his company is evolving in the midst of the pandemic.

The company will introduce the antimicrobial and antiviral Surface-Guard Technology on select Sealy products beginning in early 2021. 

The first HospitalityVIEW meeting reached a consensus that technology innovation will be a driving force to lead the industry out of the downturn.