Rosen Hotels sued over data-breach payments

Rosen Plaza hotel

A data breach at Rosen Hotels & Resorts last year threatens to cost the company more than $2.4 million. St. Paul Fire & Marine Insurance has filed a lawsuit asking a Florida judge to formally state that the insurance company is not responsible for paying any costs related to the breach.

The lawsuit, filed in the U.S. District Court Middle District of Florida, Orlando Division, is being brought against Rosen Millennium Technology Group, a sister company to the resort with which it shares several key executives, according to the Orlando Sentinel

According to the new lawsuit, Rosen has been hit with a $1 million fine each from Visa and MasterCard; a $128,830 fine from American Express; $50,000 in attorneys’ fees; $40,000 in costs to send notifications to clients; $15,000 in fees to a crisis-management firm; and a bill for $150,000 to a data-forensics team that identified the breach. The costs could continue to grow if Rosen faces additional legal claims from customers, according to the lawsuit.


Like this story? Subscribe to Operations & Technology!

Hospitality professionals turn to Operations & Technology as their go-to source for breaking news on guestrooms, food & beverage, hospitality and technology trends, management and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

In the suit, St. Paul's is claiming a data breach and any ensuing losses are outside the scope of the commercial general liability policy and it wants a judgment by the court confirming this stance. 

Back in early 2016, Rosen disclosed a data breach that impacted an unknown number of guest credit cards. The upscale hospitality provider said that the cards were compromised by malware on the payment network.

Chris Burgio, VP at Marsh & McLennan in Fort Lauderdale, which sells data breach insurance, told the Orlando Sentinel that more firms are buying data breach policies, but recent studies show only about 20 percent of companies have them. A study by Marsh in 2016 showed the hospitality industry was among the slowest to buy insurance for data breaches, with only 15 percent of hospitality and gaming companies buying specific policies for data breaches.

This is the latest confirmed breach in a string of acknowledged breaches: Kimpton Hotels, HEI Hotels and Resorts, Millennium Hotels & Resorts North America, the Hard Rock Hotel & Casino in Las Vegas (twice), Trump Hotels (twice), Golden Nugget hotels, Mandarin Oriental, Omni Hotels, and White Lodging all have been victims of data breaches.

In addition to data-breach insurance, there are other steps hotels can take to minimize risk. These include understanding the risk of a data breach, having a strict online policy bolstered by strong employee training, updating machines and technology, and being prepared in case you are targeted. 

Suggested Articles

The new leader will oversee Sage’s hotel and restaurant operations, creating and executing strategies that strengthen and grow the division.

The development, located near the entrance to Walt Disney World Resort, will include 997 guestrooms and a sports facility.

Marin Management’s founder revealed plans to retire later this year as IHG, Dream Hotel Group, Aimbridge Hospitality and others added new leaders.