DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wyndham Hotel Group hacked

Posted on January 3, 2009 by Dissent

If you stayed at a Wyndham hotel, check your mail, because you may be getting a letter from the chain telling you of a hack that occurred months ago.

In a letter to the New Hampshire Attorney General dated December 23, Wyndham Hotels and Resorts updated a notification sent to states attorney general back in early October about a breach involving their data center in Phoenix. The date of the breach and date of discovery were not indicated in the follow-up letter and the original notification to states attorney general is not currently available online.

In a letter to affected individuals, the chain writes:

As a result of unauthorized access to Wyndham systems, Wyndham has determined that your credit or debit card number, expiration date and possibly your name were compromised. Wyndham has taken numerous steps to protect your information since the discovery of this incident. In addition to terminating the unauthorized access, we revalidated our information security infrastructure to confirm that we maintain industry standard protections for customer data. In addition, we promptly notified law enforcement and each of the major payment card networks (American Express, Visa, MasterCard, and Discover). We also provided each of the payment card companies with the actual credit and debit card numbers that had been involved in the incident so that the payment card companies could take such action as they deemed appropriate to monitor the cards. We also notified the affected managed and franchised hotels so that they could take the appropriate action to ensure that their systems are properly investigated and secured.


In their notification to the states, Wyndham notes that “due to the nature of the breach, the names and addresses of the consumers were not readily available. Consequently, Wyndham contracted with a third party, Equifax, to provide a matching service for all current credit card numbers which we believe may have been compromised.”

Notification to those affected began on December 15, but because the matching process was not completed as of December 23, the company anticipated that it would still be sending out notifications “early in 2009.”

Wyndham did not indicate in its notification which hotels were affected or how many customers were affected.  In its response to an inquiry, a spokesperson reported:

We are taking every step to ensure our guests’ information is protected and at the same time give them notice to watch their accounts. This affected a small number of guests at a small number of hotels.

Claiming confidentiality, the spokesperson declined to answer any further questions. A reliable source informs us that Wyndham has also tried to prevent its breach disclosure from being made publicly available on the web in at least one state’s breach list.

The chain is offering those affected one year of Equifax Credit Watch 3-in-1 Alerts and:

In addition, for a limited time we are offering a Preferred Customer Rate discount program for our customers who may have been impacted by this incident. You will receive a 20% discount on the room rate for any hotel stays with a Wyndham brand hotel when you make your reservations on or before March 31, 2009. To take advantage of this offer via telephone, you may call 1-800-WYNDHAM and ask for the PREFERRED GUEST RATE  or ask for the rate for Corporate ID 43783670. To take advantage of the discount online, please visit www.wyndham.com. and select the property at which you want to stay.  At that point, you should enter your travel details, click on Search using Corporate, Promo and Group codes, enter Corporate ID 43783670 and then search for rates.

Related posts:

  • FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information
  • Wyndham caves, settles charges with FTC (updated)
  • (update 2) Only Wyndham-branded hotels involved in three breaches
  • Transcript of Oral Argument in FTC v. Wyndham
Category: Breach IncidentsBusiness SectorHackU.S.

Post navigation

← Pepsi employee data on missing storage device
Stolen CreditTek laptop contained data on 68,857 DJO patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.