Omni Hotels suffers data breach

Omni Dallas Hotel
Omni Dallas Hotel

Omni Hotels & Resorts warned customers that hackers stole payment-card information from the hotel chain by gaining access to its point-of-sale systems and installing malicious software. The malware may have operated between Dec. 23, 2015, and June 14, 2016, although most of the systems were affected during a shorter time frame, the company said. The company said it learned of the breach on May 30.

The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations.

More than 50,000 payment-card numbers related to the breach have been sold on criminal online forums by a hacker calling himself JokerStash, Andrei Barysevich, director of cybercrime research at Flashpoint, a company that researches criminal activity on the internet, told the Wall Street Journal. Flashpoint worked with payment-card issuers and payment processors on investigating the Omni breach. Hackers have been using the stolen information to make fraudulent purchases since late February, he said.

FREE HOTEL MANAGEMENT NEWSLETTER

Like this story? Subscribe to Technology!

Hospitality professionals turn to Technology as their go-to news source for the latest technology products and trends. Sign up today to get news and updates on security systems, in-room entertainment, and more delivered to your inbox and read on the go.

Barysevich believes that the criminals installed their malicious software on point-of-sale systems in Omni’s hotels and bars, a technique that was used on previous attacks against Hyatt Hotels Corp. , Starwood Hotels & Resorts Worldwide and Hilton Worldwide, he said.

An Omni spokesman couldn't immediately say how many customers were affected. The hackers stole cardholder names, card numbers, expiration dates and security codes, Omni said. The company said “there is no evidence” that other customer information, such as contact information or Social Security numbers, were affected.

Suggested Articles

The Peppers Airlie Beach resort in north Queensland is up for sale via an International expressions of interest campaign.

Ahead of the Mediterranean Resort & Hotel Real Estate Forum, Atrium Hotels' Athinagoras Konstantinidis discusses hotel opportunities and challenges.

The Radisson Red Miraflores has 100 guestrooms, a games studio and a fitness center.