Here’s yet another incident of a POS terminal data breach caused by a POS malware. The Dallas-based Omni Hotels and Resorts has come up with a note of caution to its patrons informing them that its POS systems at some of its properties have been hit by malware. It’s reported that the malware attack and data breach has impacted more than 50,000 customer credit and debit cards at 49 locations of the Omni Hotel chain.
It’s reported that though the POS security breach was discovered on May 30th, the customers have been notified only after Omni Hotels collaborated with an IT security company and addressed the POS malware issue. As per reports the POS malware that struck at the Omni Hotel chain POS terminals could have helped cybercriminals collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date. It’s speculated that the POS malware might have operated between December 23, 2015, and June 14, 2016. However, as per current reports, available evidence suggests that other customer information, such as contact information, Social Security numbers or PINs were not stolen.
This is what the notice brought out by Omni Hotel chain says – “We have no indication that reservation or Select Guest membership systems were affected. Accordingly, if you did not physically present your payment card at a point of sale system at one of the affected Omni locations, we do not believe your payment card was affected. Additionally, there is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue. The attacks did not affect all of our hotels, and depending on the location, the malware may have operated between December 23, 2015, and June 14, 2016, although most of the systems were affected during a shorter timeframe”.
Combating the POS malware
Omni Hotel chain acted immediately upon learning of the POS security breach and the issue seems to have been handled well. This is what the Omni notice says about that- “Upon learning of the intrusion, we promptly engaged leading IT investigation and security firms approved by the major credit card companies to determine the facts and contain the intrusion. The issue has been resolved, and we have taken steps to further strengthen our systems. We have contacted law enforcement and are cooperating with its investigation.”
The Omni hotel notice says that even if a customer had used a payment card at one of the affected hotels, the card might not have been affected. However, customers have been advised to review and monitor their payment card statements if they had used a payment card at an Omni hotel during the dates referenced in the notice. Customers have been asked to contact their respective banks or card issues if they feel that their cards have been affected. Omni hotels also one year of free identity theft protection to affected people. The company’s notice says- “We also are offering one year of free identity theft protection and repair to all affected guests to provide an added safeguard.”
The POS malware strike on the Omni hotel chain follows similar POS security breaches that have happened at other hotels and restaurants, including Starwood Hotel, Trump Hotels, Hilton Hotels, Hyatt hotels, Wendy’s etc.