California-based Evans Hotels, which operates Bahia Resort Hotel, Catamaran Resort Hotel and Spa, and The Lodge at Torrey Pines, announced that malware was installed on computers at the front desks of its properties that could have compromised payment card data. Evans Hotels immediately initiated an investigation and engaged a leading computer security firm to examine its payment system.
Evans Hotels learned in February that guests who used payment cards at its properties were seeing unauthorized charges on those cards. During an investigation, Evans Hotels learned that backup card readers that do not encrypt card data when cards are swiped were being used in addition to its current system during the check-in of large groups. Several years ago, Evans Hotels began using card readers that encrypt payment card data when the card is swiped, and the older card readers were kept as a backup for IT disaster recovery purposes, SC Magazine reports.
As the investigation progressed, indicators were found that malware had been installed on the computers at the front desks of Evans Hotels' properties that could have captured data from cards that were swiped using the backup readers between September 2014 and March 5, 2015. The information that may have been affected included the cardholder name, account number, expiration date and verification code. Most cards used during this time frame were swiped through readers that encrypt card data and were not affected by this incident, reports eTurbonews.