Omni Hotels & Resorts warned customers that hackers stole payment-card information from the hotel chain by gaining access to its point-of-sale systems and installing malicious software. The malware may have operated between Dec. 23, 2015, and June 14, 2016, although most of the systems were affected during a shorter time frame, the company said. The company said it learned of the breach on May 30.
The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations.
More than 50,000 payment-card numbers related to the breach have been sold on criminal online forums by a hacker calling himself JokerStash, Andrei Barysevich, director of cybercrime research at Flashpoint, a company that researches criminal activity on the internet, told the Wall Street Journal. Flashpoint worked with payment-card issuers and payment processors on investigating the Omni breach. Hackers have been using the stolen information to make fraudulent purchases since late February, he said.
Barysevich believes that the criminals installed their malicious software on point-of-sale systems in Omni’s hotels and bars, a technique that was used on previous attacks against Hyatt Hotels Corp. , Starwood Hotels & Resorts Worldwide and Hilton Worldwide, he said.
An Omni spokesman couldn't immediately say how many customers were affected. The hackers stole cardholder names, card numbers, expiration dates and security codes, Omni said. The company said “there is no evidence” that other customer information, such as contact information or Social Security numbers, were affected.